Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Rewards can still accumulate when the contract is paused but there's no way to claim leading to them being stuck in the contract

ChainProof

Summary

Reward distribution is paused also when the contract is paused.

Vulnerability Details

The distributeRewards can be called by anyone to distribute reward to the gauges

function distributeRewards(
address gauge
) external override nonReentrant whenNotPaused {
if (!isGauge(gauge)) revert GaugeNotFound();
if (!gauges[gauge].isActive) revert GaugeNotActive();
uint256 reward = _calculateReward(gauge);
if (reward == 0) return;
IGauge(gauge).notifyRewardAmount(reward);
emit RewardDistributed(gauge, msg.sender, reward);
}

The issue with the implementation is that it contains a whenNotPaued modifier, meaning when the contract is paused, the function cannot be called.

This implementation however is faulty as pausing the contract means pausing further voting and adding new gauges, however already added gauges should not be stripped off their earned rewards.

This is because when the contract is paused, rewards can still accumulate but there'll be no way to distribute these rewards leading to them bieng stuck in the contract.

Impact

When the contract is paused, the reward distribution will not be possible even though rewards can accumulate when the contract is paused.

Tools Used

Manual review

Recommendations

Remove the whenNotPaused modifier.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!