Core Contracts

Summary

when the function claimRewards(FeeCollector.sol) is called, userRewards[user] is updated to totalDistributed which is incorrect. so fees/rewards of users will be stuck in the FeeCollector contract. userRewards[user] should be updated to pendingReward in the function claimRewards.

Vulnerability Details

1. Let’s assume , currently totalDistributed = 1000e18 in the FeeCollector contract. Alice’s VotingPower i.e veRAACToken.getVotingPower = 100e18, totalVotingPower = 1000e18.

2. alice calls function claimRewards to claim rewards which calls function _calculatePendingRewards where share = (totalDistributed * userVotingPower) / totalVotingPower i.e share = (1000e18*100e18)/1000e18 = 100e18. As userRewards[user] for alice is 0, so alice gets 100e18 rewards. After That, Alice's userRewards[user] is updated to totalDistributed i.e 1000e18.

3. next time, when alice calls function claimRewards to claim rewards, alice will not claim rewards or may get less rewards because if alice’s share is less than userRewards[alice] i.e 1000e18, then alice will get 0 rewards .

4. so even alice should get rewards but alice will not get rewards because alice’s userRewards[alice] should set 100e18(as she previously claims 100e18) but alice’s userRewards[alice] is set to totalDistributed i.e 1000e18 previously.

5. if Alice's (next time when claiming) rewards are bigger than 1000e18, this time Alice will get less rewards.

6. so fees/rewards of users will be stuck in the FeeCollector contract.

\

Impact

fees/rewards of users will be stuck in the FeeCollector contract.

Tools Used

manual review

Recommendations

userRewards[user] should be updated to pendingReward in the function claimRewards.