The Staking contract's distributeRewards function is vulnerable to a frontrunning attack. A malicious user with access to large deposits can monitor the mempool for pending reward distributions, frontrun by depositing a substantial amount of LONG tokens to mint shares at the pre-reward rate, and then capture a disproportionate share of the rewards upon distribution.
This dilutes rewards for existing stakers and allows the attacker to profit by withdrawing post-rebase. The issue arises from the lack of protections against sudden share inflation before rewards.
Vulnerability Details
The vulnerable function:
function distributeRewards(uint256 amount) external onlyOwner {
if (amount == 0) revert ZeroReward();
LONG.safeTransferFrom(msg.sender, address(this), amount);
emit RewardsDistributed(amount);
}
distributeRewards(uint256 amount) adds rewards by transferring LONG into the vault, increasing totalAssets() without minting new shares, which rebases the asset-per-share rate upward for existing holders.
There is no protection against frontrunning: an attacker can deposit a large amount just before the reward tx confirms, minting shares at the lower pre-reward rate, and then benefit from the rebase on their inflated share count. Upon withdrawal, the attacker realizes gains proportional to their temporary dominance in total shares, effectively stealing from legitimate stakers.
Attack Vector
1
Monitor mempool
Observe a pending distributeRewards transaction in the mempool.
2
Frontrun with deposit
Frontrun by depositing a large amount of LONG to the staking contract, minting shares at the pre-reward rate.
3
Let rewards rebase
Allow the reward transaction to execute, increasing assets in the vault without minting shares, which increases the asset-per-share value.
4
Withdraw amplified assets
Redeem shares after the rebase to capture a disproportionate amount of the distributed rewards.
Conditions for Exploitation
Pending distributeRewards tx visible in mempool.
Attacker has access to large LONG liquidity (e.g., flash loans).
Attacker may have to wait minStakePeriod if required, but profit can still exceed delay.
Impact Details
Attackers can steal expected yield from long-term stakers by capturing a disproportionate share of each distribution through frontrunning deposits.
Staking
Rewards distribution
Warning: Potentially unsafe deployment of contracts/v2/periphery/Staking.sol:Staking
You are using the `unsafeAllow.constructor` flag.
user 1 3187.499999999999999999
user 2 3187.5
attacker 10625.0
✔ attack test (3474ms)
