Core Contracts

Summary

In the BaseGauge.sol contract if a user claims rewards very close to the end of the period, they will not be able to claim the entire amount. They need to wait an additional day to claim the remaining amount. This issue arises because the claim interval check does not account for the end of the period.

Vulnerability Details

The vulnerability arises from the getReward function, which enforces a minimum claim interval of 1 day (MIN_CLAIM_INTERVAL). If a user claims rewards very close to the end of the period, they will not be able to claim the entire amount and will need to wait an additional day to claim the remaining rewards. This is because the function checks the time since the last claim and reverts if it is less than the MIN_CLAIM_INTERVAL, even if the period has ended.

Example Scenario

Consider the following scenario:

1. A user claims rewards 23 hours before the end of the period.

2. The user accumulates additional rewards during the remaining 23 hours.

3. When the user tries to claim the remaining rewards immediately after the period ends, the function reverts because the MIN_CLAIM_INTERVAL has not passed.

4. The user needs to wait additionally to claim the remaining rewards.

This scenario demonstrates how the current implementation can prevent users from claiming their full rewards at the end of the period.

Impact

The impact of this vulnerability is that users may be unable to claim their full rewards at the end of the period, leading to frustration. Users expect to be able to claim their rewards once the period ends, and the current implementation does not allow for this. This can undermine user trust in the protocol and lead to dissatisfaction.

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, update the getReward function to allow claims without checking the time if the period is over.