Incorrect Pending Reward Update in Fee Collector ClaimRewards Function
Summary
In the FeeCollector contract, the pending reward for a user is calculated based on their voting power share of the total distributed rewards. However, upon claiming rewards, the contract incorrectly sets the user’s reward record to the full totalDistributed amount instead of subtracting the claimed pending reward. This miscalculation may result in inaccurate accounting for subsequent reward claims.
Vulnerability Details
The issue arises in the claimRewards function. The pending reward is computed as a share of totalDistributed based on the user’s voting power relative to the total voting power. Ideally, after a successful claim, the pending reward should be deducted from the user’s outstanding reward balance. However, the current implementation resets the user’s reward state with the following line:
Impact
• Minor Accounting Discrepancy: While this error does not compromise the security of the contract, it may lead to inaccurate reward calculations over multiple claims.
Tools Used
Recommendations
• Adjust Reward Update Logic: Modify the claimRewards function so that after transferring the pending reward, the contract correctly updates userRewards[user] by subtracting the claimed amount. For example:
Lead Judging Commences
FeeCollector::claimRewards sets `userRewards[user]` to `totalDistributed` seriously grieving users from rewards
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.