Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

Incorrect WETH Reward Calculation

oxelmiguel

Summary

A bug exists in the getVaultAccumulatedValues function where the WETH reward change is calculated without accounting for the vault's credit share. This results in an unfair distribution of WETH rewards, as the vault's share of the total delegated credit is not applied to the reward calculation.

Vulnerability Details

Affected Code

The bug is in the getVaultAccumulatedValues function:

wethRewardChangeX18 = ud60x18(self.wethRewardPerVaultShare).sub(lastVaultDistributedWethRewardPerShareX18);

Expected Behavior

The WETH reward change should be calculated as:

wethRewardChangeX18 = (wethRewardPerVaultShare - lastDistributedWethRewardPerShare) * vaultCreditShareX18

Actual Behavior

The WETH reward change is calculated as:

wethRewardChangeX18 = wethRewardPerVaultShare - lastDistributedWethRewardPerShare

  • The vault's credit share (vaultCreditShareX18) is not multiplied, leading to incorrect reward distribution.

Impact

The bug undermines the fairness and integrity of the reward distribution mechanism

Tools Used

  • Manual Code Review: The bug was identified through a detailed review of the getVaultAccumulatedValues function.

Recommendations

Update the WETH reward calculation to account for the vault's credit share:

wethRewardChangeX18 = ud60x18(self.wethRewardPerVaultShare)
.sub(lastVaultDistributedWethRewardPerShareX18)
.mul(vaultCreditShareX18);
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`wethRewardPerVaultShare` is incremented by `receivedVaultWethReward` amount which is not divided by number of shares.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.