Core Contracts

Summary

Users can be permanently locked out of claiming rewards via FeeCollector::claimRewards when new veToken holders join and dilute the total voting power which causes the formula to return 0 always due to a flawed reward calculation mechanism in FeeCollector::_calculatePendingRewards.

Vulnerability Details

[](https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/collectors/FeeCollector.sol#L486C1-L487C74)

The _calculatePendingRewards function calculates rewards by:

This means:

1. A user's share is their percentage of totalDistributed based on current voting power

2. This calculated share must exceed their last claimed amount (userRewards[user]) to receive rewards

3. When new stakers join, the user's voting percentage drops, making their share smaller than their last claim

For example:

1. Initial State:

• Alice stakes 100 tokens (66% of pool)

• totalDistributed = 10 ETH

• Alice claims her share (6.6 ETH)

• userRewards[Alice] = 10 ETH

1. Dilution Occurs:

• Bob stakes 300 tokens

• Alice's voting power drops to 25%

• New fees added, totalDistributed = 20 ETH

• Alice's new share = (20 ETH * 25%) = 5 ETH

• Since 5 ETH < 10 ETH, claim reverts

• This condition can never be reversed without massive fee influx

Impact

Users who have legitimately staked and claimed rewards can be permanently locked out from claiming future rewards when large stakers join. This effectively:

• Denies users access to future rewards they should be entitled to

• Early stakers are punished

• May force users to unstake and restake to access rewards

Tools Used

Foundry

Recommendations

Implement a reward epoch system where:

Each fee distribution creates a new epoch
User rewards are calculated based on their voting power at distribution time
Previous claims cannot be diluted by future staking activity

This matches established patterns used in major DeFi protocols for fair reward distribution.