search
Active Boosts

31485 - [SC - Critical] Miscalculation of distributed tokens at revenue...

Submitted on May 20th 2024 at 06:40:34 UTC by @MahdiKarimi for Boost | Alchemixarrow-up-right

Report ID: #31485

Report type: Smart Contract

Report severity: Critical

Target: https://github.com/alchemix-finance/alchemix-v2-dao/blob/main/src/RevenueHandler.sol

Impacts:

  • Theft of unclaimed yield

hashtag
Description

hashtag
Brief/Intro

Revenue handler uses contract balance to calculate distribution amount, so if users didn't claim their rewards from the last distribution, unclaimed amount is mistakenly considered as newly distributed rewards

hashtag
Vulnerability Details

Every time the checkpoint is called at revenue handler to distribute revenues, it uses the contract balance as the amount to be distributed. However, if some users haven't claimed their rewards from previous distributions, those unclaimed rewards are mistakenly considered as newly distributed rewards so some users can receive more rewards while others can't receive their rewards.

hashtag
Impact Details

Inconsistency between contract balance and user claimable amount enables some users to receive more rewards while some users are not able to receive any rewards

hashtag
References

https://github.com/alchemix-finance/alchemix-v2-dao/blob/f1007439ad3a32e412468c4c42f62f676822dc1f/src/RevenueHandler.sol#L245-L264

hashtag
Proof of Concept

Previous31484 - [SC - High] Rewards for the first epoch at rewards distribu...Next31486 - [SC - High] getClaimableFlux miscalculates claimable FLUX f...

Last updated

Was this helpful?