Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Incorrect WETH Reward Distribution Due to Precision Loss in Fixed-Point Arithmetic

daniel526

The _handleWethRewardDistribution() function misallocates WETH rewards due to precision loss when performing fixed-point arithmetic using PRB-Math’s UD60x18. The calculation:

UD60x18 leftover = receivedWethX18.sub(receivedProtocolWethRewardX18).sub(receivedVaultsWethRewardX18);

assumes that receivedProtocolWethRewardX18 + receivedVaultsWethRewardX18 will always sum exactly to receivedWethX18, but due to rounding errors inherent in fixed-point arithmetic, leftover may be a small nonzero value. The contract then arbitrarily assigns this remainder to receivedVaultsWethRewardX18, favoring vault rewards over protocol rewards in an unpredictable manner. Over multiple iterations, this rounding discrepancy accumulates, leading to persistent misallocation of WETH fees.

Impact

Incorrect WETH distribution results in protocol fee recipients and vaults receiving slightly more or less than their intended share, creating an unfair reward system and potentially leading to financial discrepancies over time.

Mitigation

To ensure all WETH is accounted for correctly, first compute the vault reward, then allocate the exact remaining WETH to protocol rewards:

UD60x18 receivedVaultsWethRewardX18 = receivedWethX18.mul(ud60x18(Constants.MAX_SHARES).sub(feeRecipientsSharesX18));
UD60x18 receivedProtocolWethRewardX18 = receivedWethX18.sub(receivedVaultsWethRewardX18);
Updates

Lead Judging Commences

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.