Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: low
Invalid

Pending rewards check in `unstake()` makes it difficult to withdraw

Summary

The unstake() function requires users to have zero pending rewards before unstaking, but since rewards are constantly updated with every user action, it becomes extremely difficult to successfully unstake.

Vulnerability Details

In VaultRouterBranch.sol, the unstake() function has a strict check that prevents users from unstaking if they have any pending rewards:

File: VaultRouterBranch.sol

```solidity
// get the claimable amount of fees
UD60x18 amountToClaimX18 = vault.wethRewardDistribution.getActorValueChange(actorId).intoUD60x18();

// reverts if the claimable amount is NOT 0
if (!amountToClaimX18.isZero()) revert Errors.UserHasPendingRewards(actorId, amountToClaimX18.intoUint256());
```

The rewards are updated via recalculateVaultsCreditCapacity() which is called during every user action:

Even if users claim their rewards first, by the time they attempt to unstake, new rewards may have accumulated due to vault updates from other users' actions, causing the unstake to fail again.

Impact

Users are effectively prevented from unstaking their tokens unless they manage to execute the unstake transaction in a block where no other vault updates have occurred.

Recommendations

Remove the pending rewards check from the unstake() function, since rewards are handled separately through the fee distribution system.
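The claim-then-unstake sequence described under Vulnerability Details, as an added example that is not part of the submission or of the Zaros code base: a simplified Python model of a value-per-share reward distribution guarded by the zero-pending check. The class, its method names, the actors and the amounts are assumptions made for illustration; `distribute()` stands in for whatever reward update runs on other users' actions.

```python
# Simplified model, constructed for illustration (not Zaros code).
WAD = 10**18  # 18-decimal fixed point, the scale UD60x18 uses

class UserHasPendingRewards(Exception):
    """Stands in for Errors.UserHasPendingRewards(actorId, amount)."""

class VaultModel:
    def __init__(self):
        self.total_shares = 0
        self.value_per_share = 0   # WAD-scaled reward accumulator
        self.shares = {}           # actor -> staked shares
        self.snapshot = {}         # actor -> accumulator value at last claim

    def stake(self, actor, amount):
        assert actor not in self.shares  # model limit: one stake per actor
        self.shares[actor] = amount
        self.snapshot[actor] = self.value_per_share
        self.total_shares += amount

    def pending(self, actor):  # models getActorValueChange(actorId)
        delta = self.value_per_share - self.snapshot[actor]
        return self.shares[actor] * delta // WAD

    def distribute(self, weth):  # assumed stand-in for the reward update
        self.value_per_share += weth * WAD // self.total_shares

    def claim(self, actor):
        amount = self.pending(actor)
        self.snapshot[actor] = self.value_per_share
        return amount

    def unstake(self, actor):
        amount = self.pending(actor)
        if amount != 0:  # the check quoted from unstake()
            raise UserHasPendingRewards(actor, amount)
        self.total_shares -= self.shares.pop(actor)
        del self.snapshot[actor]

def scenario(update_between_claim_and_unstake):
    vault = VaultModel()
    vault.stake("alice", 100 * WAD)
    vault.stake("bob", 300 * WAD)
    vault.distribute(4 * WAD)          # fees arrive; alice is owed 1 WETH
    claimed = vault.claim("alice")
    if update_between_claim_and_unstake:
        vault.distribute(4 * WAD)      # another user's action updates rewards
    try:
        vault.unstake("alice")
        return claimed, "unstaked"
    except UserHasPendingRewards as err:
        return claimed, f"reverted, pending={err.args[1]}"
```

`scenario(False)` unstakes cleanly, while `scenario(True)` hits the revert path because the second distribution leaves a non-zero pending amount after the claim.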

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[INVALID] Inside `VaultRouterBranch`::`unstake` it's checked that a LP provider can only call if they have no available rewards, this could lead to DoS.
