0uts1der - Precision Loss in notifyRewardAmount Function Causes Unclaimable RewardToken #96
Labels: Has Duplicates (a valid issue with 1+ other issues describing the same vulnerability), Medium (a Medium severity issue), Reward (a payout will be made for this issue), Sponsor Confirmed (the sponsor acknowledged this issue is valid), Will Fix (the sponsor confirmed this issue will be fixed)
Summary

In the `StakedEXA` contract, the `notifyRewardAmount` function suffers from precision loss when calculating the reward rate, leading to some rewards being locked and unclaimable.

Vulnerability Detail
In the `StakedEXA` contract, there is a precision loss in the `notifyRewardAmount` function when calculating `rewardData.rate`, which results in some of the reward funds being locked in the contract and not being available for distribution. This leads to economic loss.

Clearly, the formulas

```solidity
rewardData.rate = amount / rewardData.duration;
```

and

```solidity
rewardData.rate = (amount + remainingRewards) / rewardData.duration;
```

in the calculation of `rewardData.rate` cause precision loss, because Solidity integer division discards the remainder. This results in the final reward amount `rewardData.rate * rewardData.duration` being less than the `amount` actually passed to the `notifyRewardAmount` function. Since there is no suitable function to extract this remaining portion of funds, it causes economic loss.

A Proof of Concept (POC) can be constructed in `StakedEXA.t.sol` as follows.

The output is as follows:
Assuming WBTC as the reward token with an amount of 10 and `RewardsDuration` set to one week, and Alice as the only staker with a stake of 1 ether worth of EXA tokens: after 30 weeks, based on the set parameters, the reward distribution should be complete. When Alice calls the `claim` function, the full 10 ether worth of rewards should be distributed to Alice and savings. However, due to precision loss, 0.0026 WBTC will remain in the contract (worth over 100 USD).

Impact
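The arithmetic behind the stranded 0.0026 WBTC, as an added illustration that is not part of the report or of the StakedEXA code: a constructed Python model of the two `rate` formulas with Solidity-style floor division, the dust each `notifyRewardAmount` call leaves behind, and the running total an admin sweep function (the recommendation) would need to track.

```python
# Constructed model of the integer division in notifyRewardAmount.
# WBTC has 8 decimals, so 10 WBTC = 1_000_000_000 base units (assumption
# matching the report's scenario); duration is one week in seconds.
WEEK = 7 * 24 * 60 * 60          # 604800
WBTC_UNIT = 10 ** 8


def reward_rate(amount: int, duration: int, remaining_rewards: int = 0) -> int:
    """Mirror of `rate = (amount + remainingRewards) / duration` in Solidity:
    `//` floors exactly like uint256 division."""
    return (amount + remaining_rewards) // duration


def stranded_dust(amount: int, duration: int, remaining_rewards: int = 0) -> int:
    """Tokens transferred into the contract that rate * duration can never
    pay out. Always strictly less than `duration` per notify call."""
    rate = reward_rate(amount, duration, remaining_rewards)
    return (amount + remaining_rewards) - rate * duration


class RewardSchedule:
    """Minimal Synthetix-style reward schedule with a dust counter, i.e. the
    bookkeeping a recovery function would rely on (hypothetical)."""

    def __init__(self, duration: int) -> None:
        self.duration = duration
        self.rate = 0
        self.finish_at = 0
        self.dust = 0          # cumulative unclaimable remainder

    def notify(self, amount: int, now: int) -> int:
        if now >= self.finish_at:
            remaining = 0                                 # first formula
        else:
            remaining = (self.finish_at - now) * self.rate  # second formula
        self.dust += stranded_dust(amount, self.duration, remaining)
        self.rate = reward_rate(amount, self.duration, remaining)
        self.finish_at = now + self.duration
        return self.rate

    def recoverable(self) -> int:
        """Amount an admin sweep could safely withdraw without touching
        rewards still owed to stakers."""
        return self.dust


if __name__ == "__main__":
    s = RewardSchedule(WEEK)
    s.notify(10 * WBTC_UNIT, now=0)
    print(f"rate={s.rate} units/s, dust={s.recoverable()} units "
          f"= {s.recoverable() / WBTC_UNIT:.6f} WBTC")
```

Every call strands at most `duration - 1` base units, so the loss scales with the token's decimals and the number of notify calls rather than with the amount itself.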
The precision loss in the `StakedEXA` contract's `notifyRewardAmount` function results in a portion of the reward funds being locked in the contract and unavailable for distribution.

Code Snippet
https://github.com/sherlock-audit/2024-07-exactly-stacking-contracts/blob/main/protocol/contracts/StakedEXA.sol#L209-L229
Tool used
Manual Review
Recommendation
Add an admin function to extract the reward tokens that remain undistributed due to precision loss.