Missed Reward Accrual Due to Pause Before Tick Execution
Summary
The contract allows pausing operations, but if tick() is not called before pause(), rewards may be missed. This can lead to an incorrect rewards distribution when the contract is resumed.
Vulnerability Details
The tick() function is responsible for updating rewards and state variables. If pause() is called before tick(), the contract might freeze before updating the latest accrued rewards. This can result in:
Rewards not being accounted for properly.
Users receiving incorrect rewards after resumption.
Inconsistencies in reward distribution logic.
Impact
The issue can cause an inaccurate reward calculation, leading to financial losses for users and unfair distributions. If rewards are time-sensitive, missing an update can permanently reduce the total rewards pool for affected participants.
Tools Used
Manual code review
Recommendations
Modify the pause() function to enforce calling tick() before pausing.
Lead Judging Commences
RAACMinter::pause skips interest accrual for active pre-pause period by updating lastUpdateBlock without calling tick(), permanently removing earned rewards
RAACMinter::pause skips interest accrual for active pre-pause period by updating lastUpdateBlock without calling tick(), permanently removing earned rewards
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.