#41492 [SC-Insight] Incorrect Reward Value Emitted in `executeRewardDistributionYeet` Function

Submitted on Mar 15th 2025 at 21:16:25 UTC by @chista0x for Audit Comp | Yeet

Report ID: #41492
Report Type: Smart Contract
Report severity: Insight
Target: https://github.com/immunefi-team/audit-comp-yeet/blob/main/src/StakeV2.sol
Impacts:
- Contract fails to deliver promised returns, but doesn't lose value

Description

Brief/Intro

In the executeRewardDistributionYeet function, the event RewardsDistributedToken0 is emitted with accRevToken0 as its parameter, which represents the total accumulated rewards rather than the actual amount distributed. This misrepresentation can lead to inaccurate off-chain tracking and analytics.

Vulnerability Details

The function calculates the accumulated rewards (accRevToken0) and ensures that the swap's inputAmount does not exceed this total. However, when approving tokens and executing the swap, only swap.inputAmount is actually intended to be used for the distribution. Despite this, the event is emitted with accRevToken0:

emit RewardsDistributedToken0(accRevToken0, rewardIndex);

This means that the emitted event logs a value that does not accurately reflect the amount of tokens that were actually processed through the swap. As a result, any external monitoring systems or analytics relying on these event logs will have misleading data regarding reward distribution.

Impact Details

Misleading Event Data: The event log reports an inflated reward amount, which could confuse off-chain analytics, user interfaces, or other monitoring tools.
Inaccurate Accounting: Relying on these events for auditing purposes or reward calculations may lead to discrepancies in tracking the actual funds distributed.
Reduced Transparency: The discrepancy undermines the transparency of the reward distribution process, potentially affecting stakeholder trust.

Recommendation

To ensure that the event accurately reflects the actual tokens used for the reward distribution, update the event emission to use swap.inputAmount instead of accRevToken0. The modified code should be:

emit RewardsDistributedToken0(swap.inputAmount, rewardIndex);

This adjustment will provide a correct representation of the reward distribution and improve off-chain monitoring and auditing processes.

References:

StakeV2.sol

Proof of Concept

Proof of Concept (POC)

The core issue can be observed in the following snippet:

uint256 accRevToken0 = accumulatedDeptRewardsYeet();
// ... token approval and swap execution using swap.inputAmount ...
emit RewardsDistributedToken0(accRevToken0, rewardIndex);

Here, although swap.inputAmount is the correct amount intended for the distribution, accRevToken0 (which could be greater) is being emitted, leading to a mismatch in the reported reward amount.

Previous#41488 [SC-Insight] In `StakeV2.sol` there exists a critical flaw that allows adversaries to earn more rewards than should be possible for a period of having staked minimal tokens.Next#41511 [SC-Low] The contract calculates the `minimumYeetPoint` using the Pot going to the winner instead of the whole Pot.

Was this helpful?

hashtagDescription

hashtagBrief/Intro

hashtagVulnerability Details

hashtagImpact Details

hashtagRecommendation

hashtagReferences:

hashtagProof of Concept

hashtagProof of Concept (POC)