Incorrect WETH Reward Calculation in Market::getVaultAccumulatedValues
Summary
The function getVaultAccumulatedValues incorrectly calculates the wethRewardChangeX18 by subtracting lastVaultDistributedWethRewardPerShareX18 from self.wethRewardPerVaultShare, without multiplying by the vault's credit share (vaultCreditShareX18). This results in the vault receiving more WETH rewards than it should. This could drain the markets as vaults are rewarded more than they are entitled to.
Vulnerability Details
The wethRewardChangeX18 is currenty calculated by following:
This value is returned Vault::recalculateVaultsCreditCapacity, where the weth distribution is updated:
Here vaultTotalWethRewardChangeSD59X18 contains all the shares of all vault. As a result, if users of one vault claims reward, there will be shortage of WETH for other vault's WETH reward.
The change in WETH rewards should be multiplied by vaultCreditShareX18 (which represents the vault's proportion of the total delegated credit). Otherwise it is returning the whole reward. It will cause draining of WETH reward.
Impact
Vaults are receiving more rewards than they are entitled to, leading to unintended reward allocations and loss of funds from the vault
Recommendation
Multiply wethRewardChangeX18 by vaultCreditShareX18
Update the WETH reward calculation to:
Lead Judging Commences
`wethRewardPerVaultShare` is incremented by `receivedVaultWethReward` amount which is not divided by number of shares.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.