Later veRAAC lockers may steal rewards from previous veRAAC lockers.
Summary
Later veRAAC lockers may steal rewards from previous veRAAC lockers.
Vulnerability Details
In FeeCollector, the distributor role will distribute the collector fees to veRAAC holders. veRAAC holders can claim rewards according to the holding veRAAC token voting power.
The problem is that we will use the latest voting power to claim all rewards tokens, including some previous distributing epochs. This will cause that some later veRAAC holders will steal some rewards from some previous veRAAC holders.
For example:
Alice locks RAAC to get 1000 veRAAC token. And Alice is the only veRAAC locker.
The distributor role distribute 100 RAAC to veRAAC holders in timestamp A. These 100 RAAC tokens are expected to be claimed by Alice. But Alice wishes to claim all rewards from several distribution epochs.
The distributor role distribute another 100 RAAC to veRAAC holders in timestamp A + 100.
Bob locks RAAC to get 2000 veRAAC token.
Bob claims rewards immediately, and he can get more than 133 reward tokens. When Alice wants to claim her rewards, she can only get less than 70 RAAC tokens, which is less than expected.
Impact
Later veRAAC lockers will steal rewards from previous veRAAC lockers.
Tools Used
Manual
Recommendations
Record each distribution epoch's timestamp. When users want to claim rewards, their rewards should be calculated according to the voting power in the distribution epoch's timestamp, not the latest timestamp.
Lead Judging Commences
Time-Weighted Average Logic is Not Applied to Reward Distribution in `FeeCollector`
Time-Weighted Average Logic is Not Applied to Reward Distribution in `FeeCollector`
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.