Contract fails to deliver promised returns, but doesn't lose value
Description
Bug Description
When user tries to reinvest their claimed reward with _compound = true in RewardsDistributor.claim(uint256 _tokenId, bool _compound), it will always revert when users _tokenId is expired.
As we can see, while performing depositFor() from claim(), its checking for require(_locked.end > block.timestamp, "Cannot add to expired lock. Withdraw");. Which will revert user's claim tx with compounding when their veALCX token is expired.
Impact
Users compounding claim tx will always revert when their veALCX NFT token is expired. User should not allowed to call claim function with compounding once their veALCX token is expired.
Recommendation
Consider sending the claimed veALCX rewards to the owner of the veALCX if the veALCX's lock has already expired.
When executing code block of compounding, it should also check along with compounding check that whether veALCX NFT token is not expired as shown below.
Note: For PoC to work, we need to move time beyond 60 days which is hardcoded in RewardsDistributor contract as staleThreshold = 60 days at https://github.com/alchemix-finance/alchemix-v2-dao/blob/f1007439ad3a32e412468c4c42f62f676822dc1f/src/RewardsDistributor.sol#L118. Since time has moved beyond 60 days but oracle(priceFeed) has not updated during this time interval, its reverting with Price stale message. To mimic oracle update, we have updated updatedAt field returns from latestRoundData() to avoid Price stale revert using foundry cheatcode - load and store.
Steps to Run using Foundry:
Paste following foundry code in src/test/Minter.t.sol
Run using FOUNDRY_PROFILE=default forge test --fork-url $FORK_URL --fork-block-number 17133822 --match-contract MinterTest --match-test testCompoundRewardFailureOnVeALCXExpired -vv
// Compound claiming should revert if users veALCX is expiredfunctiontestCompoundRewardFailureOnVeALCXExpired() public {initializeVotingEscrow(); hevm.startPrank(admin);// After no epoch has passed, amount claimable should be 0assertEq(distributor.claimable(tokenId),0,"amount claimable should be 0");// Fast forward to new epoch hevm.warp(newEpoch()); hevm.roll(block.number +1); voter.distribute();// Accounts must provide proportional amount of WETH to deposit into the Balancer pool weth.approve(address(distributor), type(uint256).max);// Fast forward to MAXTIME to expire tokenIduint expiry = veALCX.lockEnd(tokenId); hevm.warp(expiry +1seconds); hevm.roll(block.number +1);// Update priceFeed's `updatedAt` fieldaddress aggregator =0x64a119DCf78E7E3FcED89c429f6F47Bf0cd80250; uint transmissionSlot = 44; //https://evm.storage/eth/19889196/0x64a119dcf78e7e3fced89c429f6f47bf0cd80250/s_transmissions#map
uint latestRoundId =2608;bytes32 loc =keccak256(abi.encode(latestRoundId, transmissionSlot));bytes32 data = hevm.load(aggregator, loc); data = data &0x0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff; data = data |bytes32(block.timestamp <<192); hevm.store(aggregator, loc, data);// Claim with compunding should revert hevm.expectRevert("Cannot add to expired lock. Withdraw"); distributor.claim(tokenId,true); hevm.stopPrank();}
