BaseGauge.sol :: wrong Order of operations Leads to exponentiation of rewardPerTokenStored in getRewardPerToken()
Summary
The order of operation in getRewardPerToken() for calculating rewardPerTokenStored can make it grow exponentially, severly overstating each individuals rewards
Vulnerability Details
should be changed to
The order of operation in the current logic can make rewardPerTokenStored grow exponentially, severly overstating each individuals rewards. Individuals will therefore either be able to withdraw more funds than should be allocated to them or they will not be able to withdraw thier funds at all as the contract will have insufficient amount of tokens
Impact
High
individuals rewards can be severly overstated
Tools Used
Manual analysis, also reported in unipool's audit report
Recommendations
The order of operation should be changed
should be changed to
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.