Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

`FeeCollector::claimRewards` is not working correctly at all

Summary

The claimRewards function in the FeeCollector contract allows users to claim rewards based on their voting power. However, there are multiple issues that can lead to users being unable to claim their rightful rewards or claiming more than their fair share. Specifically:

  1. If a user claims rewards after only one distribution, they may lose access to future rewards due to incorrect tracking of claimed amounts.

  2. The contract does not correctly account for voting power changes over multiple distributions.

  3. Users who had voting power during distribution may be unable to withdraw their rewards if new users with voting power claim first.

Vulnerability Details

The issue arises from the way userRewards[user] is updated in claimRewards:

```solidity
userRewards[user] = totalDistributed;
```

This assignment effectively prevents users from claiming any additional rewards in future distributions. Once a user claims, their rewards are set to totalDistributed, which could be higher than their entitled share if multiple distributions occur. Consequently, if new users with voting power claim rewards, previous users may find themselves locked out from withdrawing their rightful rewards.

Additionally, _calculatePendingRewards does not account for changes in voting power correctly. If the total voting power fluctuates over time, users may not receive their proportional share.

Also, users can claim rewards for all distributions from the beginning.

Proof of Concept

Consider the following scenario:

  1. A user has voting power and rewards are distributed.

  2. The user claims their rewards. Their userRewards[user] is set to totalDistributed.

  3. A new distribution is added.

  4. The user, who initially had voting power during the first distribution, can no longer claim further rewards due to the incorrect update of userRewards[user].

Impact

The vulnerabilities described above have significant consequences for the fairness and functionality of the reward distribution mechanism:

  1. Loss of Rewards for Legitimate Users: Users who claim rewards early may lose access to future distributions, even if they maintain their voting power. This undermines the intended incentive structure of the protocol.

  2. Unfair Distribution of Rewards: Users who claim rewards later may receive more than their fair share, especially if the total voting power changes over time. This could lead to centralization of rewards among a small group of users.

  3. Lockout of Early Users: Early participants in the protocol may be permanently locked out of claiming rewards if new users claim rewards first, reducing trust in the system and discouraging participation.

Tools Used

Manual review

Recommendations

Implement a mechanism that correctly distributes rewards only to eligible users for every epoch.
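The proof-of-concept scenario and the per-epoch recommendation, modelled in Python as an added example; this is not the contract's code or the submitter's. The pending-reward formula in `BuggyCollector`, the snapshot-based `EpochCollector`, and the users and amounts are assumptions constructed for illustration.

```python
class BuggyCollector:
    """Model of the accounting described in the finding (assumed, not the contract)."""
    def __init__(self, power):
        self.power = dict(power)          # current voting power per user
        self.total_distributed = 0
        self.user_rewards = {}            # mirrors userRewards[user]

    def distribute(self, amount):
        self.total_distributed += amount

    def pending(self, user):
        # Assumed: share of the cumulative total at *current* power, minus recorded amount.
        total = sum(self.power.values())
        share = self.total_distributed * self.power.get(user, 0) // total if total else 0
        return max(share - self.user_rewards.get(user, 0), 0)

    def claim(self, user):
        paid = self.pending(user)
        self.user_rewards[user] = self.total_distributed  # assignment quoted in the finding
        return paid


class EpochCollector:
    """Per-epoch accounting: every distribution snapshots voting power at that moment."""
    def __init__(self, power):
        self.power = dict(power)
        self.epochs = []                  # (amount, voting-power snapshot)
        self.next_epoch = {}              # first unclaimed epoch per user

    def distribute(self, amount):
        self.epochs.append((amount, dict(self.power)))

    def claim(self, user):
        start = self.next_epoch.get(user, 0)
        paid = sum(amount * snap.get(user, 0) // sum(snap.values())
                   for amount, snap in self.epochs[start:] if snap)
        self.next_epoch[user] = len(self.epochs)
        return paid


def scenario(collector_cls):
    """Constructed run: alice claims twice, carol gains power after both distributions."""
    c = collector_cls({"alice": 50, "bob": 50})
    c.distribute(100)
    first = c.claim("alice")
    c.distribute(100)
    second = c.claim("alice")
    c.power["carol"] = 100
    return first, second, c.claim("carol")
```

In the buggy model alice's second claim pays nothing while carol is paid for distributions that predate her voting power; the per-epoch model pays alice her share of each distribution and carol nothing.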

Updates

Lead Judging Commences

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

FeeCollector::claimRewards sets `userRewards[user]` to `totalDistributed` seriously grieving users from rewards
