Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Flawed Reward Recording in claimRewards Function

Summary

The smart contract's claimRewards function contains an error in its reward accounting mechanism. When users claim their rewards, the function incorrectly updates their reward tracking variable, leading to a disruption in future reward calculations and potential loss of user earnings.

Vulnerability Details

The contract determines user rewards using their proportional voting power:

// Pending reward: the user's pro-rata share of everything distributed so far,
// minus whatever is already recorded for them in userRewards[user]
uint256 share = (totalDistributed * userVotingPower) / totalVotingPower;
return share > userRewards[user] ? share - userRewards[user] : 0;

The key flaw occurs during the reward claim process:

userRewards[user] = totalDistributed; // Problematic implementation

This implementation erroneously sets the user's reward tracker to the contract's total distributed amount, rather than tracking their actual claimed rewards. This misalignment prevents accurate calculation of future reward entitlements.

Example Scenario Showing the Flaw

  1. Initial Conditions:

    • Contract has distributed 1,000 tokens total

    • User controls 10% of voting power (100 out of 1,000)

    • User's reward tracker starts at 0

    • Expected reward: (1,000 × 100) ÷ 1,000 - 0 = 100

  2. First Claim:

    • User receives 100 tokens

    • System incorrectly sets user's tracker to 1,000

  3. After New Distribution:

    • Total distributed increases to 2,000

    • User maintains 10% voting power

    • Calculation becomes: entitled share = (2,000 × 100) ÷ 1,000 = 200

    • System computes 200 - 1,000 = -800, so the function returns 0

    • User misses out on the 100 additional tokens they should receive

Impact

  • Users fail to receive their complete reward entitlements

  • Disruption of the fair reward distribution mechanism

  • Accumulating financial losses for participants over time

Tools Used

  • Manual code review

Recommendations

  • Correctly track claimed rewards:

    userRewards[user] += pendingReward;

  • Ensure reward tracking reflects actual claimed amounts rather than global distribution totals
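The scenario above, replayed against a minimal model of the reward accounting with the flawed tracker update and the recommended fix side by side. This is an added example, not the audited project's code; the class name, field names and the user "alice" are assumptions.

```python
# Added example (not the audited contract): a model of claimRewards accounting
# run through the report's scenario, flawed and fixed variants.

class FeeCollectorModel:
    """Hypothetical model of the contract's reward bookkeeping (assumed names)."""

    def __init__(self, total_voting_power, fixed):
        self.total_distributed = 0            # totalDistributed in the contract
        self.total_voting_power = total_voting_power
        self.user_rewards = {}                # userRewards[user] in the contract
        self.voting_power = {}
        self.fixed = fixed                    # True -> recommended fix applied

    def set_voting_power(self, user, power):
        self.voting_power[user] = power

    def distribute(self, amount):
        self.total_distributed += amount

    def pending(self, user):
        # share = (totalDistributed * userVotingPower) / totalVotingPower
        share = self.total_distributed * self.voting_power[user] // self.total_voting_power
        claimed = self.user_rewards.get(user, 0)
        return share - claimed if share > claimed else 0

    def claim(self, user):
        reward = self.pending(user)
        if self.fixed:
            # recommended: tracker accumulates what was actually claimed
            self.user_rewards[user] = self.user_rewards.get(user, 0) + reward
        else:
            # flawed: tracker overwritten with the global distribution total
            self.user_rewards[user] = self.total_distributed
        return reward


def run_scenario(fixed):
    """Replays the report's scenario; returns the tokens paid on each claim."""
    c = FeeCollectorModel(total_voting_power=1_000, fixed=fixed)
    c.set_voting_power("alice", 100)          # 10% of voting power (constructed)
    c.distribute(1_000)                       # 1,000 tokens distributed in total
    first = c.claim("alice")                  # 100 in both variants
    c.distribute(1_000)                       # total distributed is now 2,000
    second = c.claim("alice")                 # 100 when fixed, 0 when flawed
    return [first, second]


if __name__ == "__main__":
    print("flawed:", run_scenario(False))     # [100, 0]
    print("fixed: ", run_scenario(True))      # [100, 100]
```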

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

FeeCollector::claimRewards sets `userRewards[user]` to `totalDistributed` seriously grieving users from rewards
