Stratax Contracts

First Flight #57
Beginner Friendly, DeFi
100 EXP
Submission Details
Impact: high
Likelihood: high

Reward Accrual Drift Enables Retroactive Reward Amplification

Author: Revealed upon completion

Root + Impact

Description

  • Rewards are expected to be distributed strictly in proportion to capital exposure over time.

Because the reward index is updated lazily, a user can enter and exit a position around an update boundary and receive rewards for periods during which they held no exposure.

```solidity
// Root cause (conceptual)
// @> rewardIndex is not synchronized before balance changes
// @> deposit/withdraw trust the cached (stale) index
// @> claim assumes the index reflects the user's full exposure window
```

Risk

Likelihood:

  • Occurs during normal deposits and withdrawals.
  • Does not require privileged access or abnormal timing.

Impact:

  • Attacker extracts rewards disproportionate to their exposure.
  • Honest users receive reduced yields.

Proof of Concept

  • The reward index advances after the user enters but before they exit, so the position is credited for a longer effective exposure window than it actually had.

```solidity
deposit(amount);   // position snapshots the stale cached index
updateRewards();   // index catches up, crediting the new balance for the elapsed period
withdraw(amount);  // exit with the inflated delta settled
claimRewards();    // collect rewards for time the capital was not exposed
```

Recommended Mitigation

  • Snapshot Reward Index at Entry

```solidity
struct Position {
    uint256 balance;
    uint256 rewardIndexSnapshot;
}

positions[user].rewardIndexSnapshot = globalRewardIndex;

reward = position.balance *
    (globalRewardIndex - position.rewardIndexSnapshot);
```

  • Force Reward Synchronization on State Changes

```diff
modifier syncRewards() {
    _updateGlobalRewardIndex();
    _;
}

-function deposit(uint256 amount) external {
+function deposit(uint256 amount) external syncRewards {
    _mintPosition(msg.sender, amount);
}

-function withdraw(uint256 amount) external {
+function withdraw(uint256 amount) external syncRewards {
    _burnPosition(msg.sender, amount);
}
```
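A small accounting model of the drift described in the Proof of Concept and of the sync-on-state-change mitigation above. This is an added example, not code from the Stratax Contracts codebase: the pool, the reward rate, the block numbers and the user names are constructed for illustration, and `sync_on_state_change` toggles between the vulnerable path (balance changes trust the cached index) and the mitigated path (the index is updated before any balance change).

```python
from dataclasses import dataclass, field

PRECISION = 10**18

@dataclass
class Position:
    balance: int = 0
    reward_index_snapshot: int = 0  # global index at last settlement
    pending: int = 0                # settled, unclaimed rewards

@dataclass
class RewardPool:
    reward_per_block: int
    sync_on_state_change: bool      # False reproduces the bug, True applies the fix
    block: int = 0
    last_update_block: int = 0
    global_reward_index: int = 0
    total_balance: int = 0
    positions: dict = field(default_factory=dict)

    def update_global_reward_index(self) -> None:
        # Rewards since the last update are spread over whoever holds balance now,
        # so a balance added before this call is credited for time it was not exposed.
        if self.total_balance > 0:
            accrued = (self.block - self.last_update_block) * self.reward_per_block
            self.global_reward_index += accrued * PRECISION // self.total_balance
        self.last_update_block = self.block
    def _settle(self, user: str) -> Position:
        pos = self.positions.setdefault(user, Position())
        pos.pending += pos.balance * (self.global_reward_index - pos.reward_index_snapshot) // PRECISION
        pos.reward_index_snapshot = self.global_reward_index
        return pos
    def change_balance(self, user: str, delta: int) -> None:  # deposit (+) / withdraw (-)
        if self.sync_on_state_change:    # the syncRewards modifier from the mitigation
            self.update_global_reward_index()
        self._settle(user).balance += delta  # otherwise trusts the stale cached index
        self.total_balance += delta
    def claim(self, user: str) -> int:
        self.update_global_reward_index()
        pos = self._settle(user)
        out, pos.pending = pos.pending, 0
        return out

def run_scenario(sync: bool) -> tuple[int, int]:
    # Constructed scenario: honest user holds 1000 for blocks 0-100; attacker deposits
    # 1000 at block 90 (no update since block 0), triggers the lazy update at 100, exits.
    pool = RewardPool(reward_per_block=10, sync_on_state_change=sync)
    pool.change_balance("honest", 1_000)
    pool.block = 90
    pool.change_balance("attacker", 1_000)
    pool.block = 100
    pool.update_global_reward_index()        # the PoC's updateRewards()
    pool.change_balance("attacker", -1_000)
    return pool.claim("honest"), pool.claim("attacker")
```

With the cached index trusted, the attacker collects half of the 1000 rewards despite supplying half the capital for only a tenth of the period; with synchronization forced before every balance change the split is 950/50, matching actual exposure.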
