Upon claiming rewards, every user is assigned a fraction of totalDistributed, a variable that tracks all historically distributed tokens. Brand-new lockers therefore obtain an unfair claim on rewards, stealing from other users.
Every time a reward distribution takes place, _processDistributions is invoked: it checks the raacToken balance of the fee collector contract and splits it between the contract itself, the treasury and the repair fund, and the rest is burnt. All proceeds kept by the fee collector are logged in an ever-growing variable, totalDistributed, which tracks all tokens distributed by the contract since its deployment. Afterwards, veToken holders can claim these proceeds through claimRewards.
However, the function that calculates the rewards does so incorrectly.
A user's pending rewards are computed as their fraction of the total voting power multiplied by all tokens ever distributed. Assume the contract has been running for some time and has distributed $100k worth of RAAC so far. A whale locks a large amount of tokens and obtains 10% of the total voting power. The whale calls claimRewards and is awarded 10% of all RAAC rewards ever distributed.
Loss of funds for the protocol and its users.
Track rewards through a checkpoint system and let users claim only against the snapshots taken while they held voting power, not against the entire distribution history.
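The following simulation is an added example and not the project's code; it models the flawed "fraction of totalDistributed" accounting described above beside a checkpointed reward-per-voting-power accumulator, and replays the whale scenario (the user names, voting-power amounts and distribution sizes are constructed for illustration). It shows that the flawed method hands the newcomer 10,000 of the 100,000 tokens distributed before they locked, while the checkpointed method gives them only their share of later distributions.

```python
"""Constructed simulation (not the project's code) of two ways to account for
fee-collector rewards: the flawed "share of totalDistributed" method and a
checkpointed reward-per-voting-power accumulator."""

PRECISION = 10**18  # fixed-point scale, as an on-chain implementation would use


class FlawedCollector:
    """Pending rewards = user's share of voting power * all tokens ever distributed."""

    def __init__(self):
        self.total_distributed = 0
        self.voting_power = {}
        self.claimed = {}

    def lock(self, user, amount):
        self.voting_power[user] = self.voting_power.get(user, 0) + amount

    def distribute(self, amount):
        # every distribution is simply added to the historical total
        self.total_distributed += amount

    def pending(self, user):
        total_vp = sum(self.voting_power.values())
        if total_vp == 0:
            return 0
        share = self.voting_power.get(user, 0) * self.total_distributed // total_vp
        return share - self.claimed.get(user, 0)

    def claim(self, user):
        amount = self.pending(user)
        self.claimed[user] = self.claimed.get(user, 0) + amount
        return amount


class CheckpointedCollector:
    """Accumulate reward per unit of voting power at each distribution.

    A user's checkpoint is the accumulator value at their last lock or claim,
    so they only earn from distributions that happen after that point."""

    def __init__(self):
        self.reward_per_vp = 0   # cumulative reward per unit of voting power, scaled
        self.voting_power = {}
        self.checkpoint = {}
        self.owed = {}

    def _settle(self, user):
        # bank what the user earned since their checkpoint, then move the checkpoint
        vp = self.voting_power.get(user, 0)
        earned = vp * (self.reward_per_vp - self.checkpoint.get(user, 0)) // PRECISION
        self.owed[user] = self.owed.get(user, 0) + earned
        self.checkpoint[user] = self.reward_per_vp

    def lock(self, user, amount):
        self._settle(user)  # a new locker starts at the current accumulator value
        self.voting_power[user] = self.voting_power.get(user, 0) + amount

    def distribute(self, amount):
        total_vp = sum(self.voting_power.values())
        if total_vp == 0:
            return
        self.reward_per_vp += amount * PRECISION // total_vp

    def pending(self, user):
        vp = self.voting_power.get(user, 0)
        delta = self.reward_per_vp - self.checkpoint.get(user, 0)
        return self.owed.get(user, 0) + vp * delta // PRECISION

    def claim(self, user):
        self._settle(user)
        amount = self.owed[user]
        self.owed[user] = 0
        return amount


def whale_scenario(collector_cls):
    """Replay the finding: 100k distributed, then a whale locks for 10% of voting power."""
    c = collector_cls()
    c.lock("alice", 600)
    c.lock("bob", 300)
    c.distribute(100_000)   # historical rewards; the whale is not yet a locker
    c.lock("whale", 100)    # whale now holds 100 / 1000 = 10% of voting power
    first = c.claim("whale")
    c.distribute(10_000)    # a distribution the whale is legitimately entitled to
    second = c.claim("whale")
    return {"whale_first": first, "whale_second": second, "alice": c.claim("alice")}


if __name__ == "__main__":
    print("flawed:      ", whale_scenario(FlawedCollector))
    print("checkpointed:", whale_scenario(CheckpointedCollector))
```

Under the flawed accounting the whale's first claim takes 10,000 tokens it never earned and alice's payout shrinks from the 72,666 she is owed to 66,000; under the checkpointed accounting the whale's first claim is 0, its second claim is 1,000 (10% of the 10,000 distributed after it locked), and alice receives 72,666 (the rounding loss comes from fixed-point truncation).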