Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

Incorrect weth reward distribution per vault share

cipher27

Summary

The wethRewardPerVaultShare calculation in receiveWethReward() doesn't account for vault's delegated credit proportion, leading to incorrect reward distribution among vaults.

Vulnerability Details

The issue occurs in Market.sol where wethRewardChangeX18 is calculated without considering vault's proportional credit contribution:

File: Market.sol
320: // TODO: fix the vaultCreditShareX18 flow to multiply by `wethRewardChangeX18`
321: wethRewardChangeX18 = ud60x18(self.wethRewardPerVaultShare).sub(lastVaultDistributedWethRewardPerShareX18);

Also, receiveWethReward() updates wethRewardPerVaultShare without dividing by total delegated credit:

File: Market.sol
523: // increment the all time weth reward storage
524: self.wethRewardPerVaultShare =
525: ud60x18(self.wethRewardPerVaultShare).add(receivedVaultsWethRewardX18).intoUint128();

As a result, all vaults will receive the same WETH reward, regardless of their delegated credit amount. And the total rewards will be greater than the actual WETH rewards received.

Impact

Vaults receive equal WETH rewards regardless of their delegated credit amount, causing unfair reward distribution.

Recommendations

Divide receivedVaultsWethRewardX18 by totalDelegatedCreditUsd when updating wethRewardPerVaultShare to properly account for each vault's proportional credit contribution.

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`wethRewardPerVaultShare` is incremented by `receivedVaultWethReward` amount which is not divided by number of shares.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.