#41283 [SC-Low] Contract fails to deliver promised returns, due to changed `MAX_CAP_PER_WALLET_PER_EPOCH_FACTOR`

Submitted on Mar 13th 2025 at 10:34:06 UTC by @Oxl33 for Audit Comp | Yeet

Report ID: #41283
Report Type: Smart Contract
Report severity: Low
Target: https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/Reward.sol
Impacts:
- Contract fails to deliver promised returns, but doesn't lose value

Description

Description:

In the documentation it is stated:

There is a cap each day on what percentage of the daily emissions that an individual address can receive, set at 30%

But in reality MAX_CAP_PER_WALLET_PER_EPOCH_FACTOR is initialized as 30 and acts as a denominator, so maxClaimable is only ~3.3% of epoch rewards, not 30%.

This is where the value gets set initially:

contract RewardSettings is Ownable2Step {
    /// @dev The max rewards a wallet can get per epoch
    uint256 public MAX_CAP_PER_WALLET_PER_EPOCH_FACTOR;

    event YeetRewardSettingsChanged(uint256 indexed maxCapPerWalletPerEpoch);

    constructor() Ownable(msg.sender) {
        /// @dev this is in percentage, 1/10 of the total rewards
@>      MAX_CAP_PER_WALLET_PER_EPOCH_FACTOR = 30;
    }

This is how the value gets used:

    function getClaimableAmount(address user) public view returns (uint256) {
        uint256 totalClaimable;

        // Fixed-point arithmetic for more precision
        uint256 scalingFactor = 1e18;

        for (uint256 epoch = lastClaimedForEpoch[user] + 1; epoch < currentEpoch; epoch++) {
            if (totalYeetVolume[epoch] == 0) continue; // Avoid division by zero

            uint256 userVolume = userYeetVolume[epoch][user];
            uint256 totalVolume = totalYeetVolume[epoch];

            uint256 userShare = (userVolume * scalingFactor) / totalVolume;

@>          uint256 maxClaimable = (epochRewards[epoch] / rewardsSettings.MAX_CAP_PER_WALLET_PER_EPOCH_FACTOR()); // max cap initially set to 30, so `maxClaimable` will be ~3.3% of epoch rewards
            uint256 claimable = (userShare * epochRewards[epoch]) / scalingFactor;

            if (claimable > maxClaimable) {
                claimable = maxClaimable;
            }

            totalClaimable += claimable;
        }

        return totalClaimable;
    }

Of course the owner is able to change the value by calling RewardSettings::setYeetRewardsSettings, but still I am letting you know about it, because code and docs don't match.

Another issue arises due to the fact, that MAX_CAP_PER_WALLET_PER_EPOCH_FACTOR value is the same for every epoch when calculating maxClaimable amount.

Consider this scenario:

current max cap is 30%, user yeets big amounts of BERA in several different epochs, expecting to receive 30% of total rewards for each epoch they participated in
user waits a few days before claiming, which can happen due to various reasons (it is not mentioned in docs that users can get punished for waiting before they claim)
owner changes the max cap to e.g. 10%. This can be done due to various reasons, such as community/protocol team decision, rewarding smaller game participants, etc.
when user tries to claim, claimable will get set to maxClaimable, which is 10% of epoch rewards, even though the user has shares that represent 30%+ of the rewards
user will get less rewards than they expected, due to owner being able to set the cap at any time and this cap being used for all previous epochs

Impact:

Users will get smaller than expected rewards.

Recommended Mitigation:

Consider implementing a mechanism where each epoch can have its own MAX_CAP_PER_WALLET_PER_EPOCH_FACTOR value, or at least make it clear in the documentation that this value can be changed at any time and that it affects all previous epochs.

Proof of Concept

N/A

Previous#41280 [SC-High] Permanent freezing of yield due to incorrect reward handling in `StakeV2` claim functions Next#41286 [SC-Critical] `accumulatedDeptRewardsYeet()` accounts for tokens under unstaking process

Was this helpful?

hashtagDescription

hashtagProof of Concept

Description

Proof of Concept