Platform: Code4rena
Start Date: 22/09/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 133
Period: 3 days
Judge: 0xean
Total Solo HM: 2
Id: 165
League: ETH
Rank: 4/133
Findings: 1
Award: $1,941.03
🌟 Selected for report: 0
🚀 Solo Findings: 0
1941.0279 USDC - $1,941.03
The withdrawal amount will be counted as part of the surplus asset balance mistakenly if block.timestamp >= rewardsCycleEnd.
function beforeWithdraw(uint256 assets, uint256 shares) internal override { super.beforeWithdraw(assets, shares); // call xERC4626's beforeWithdraw first if (block.timestamp >= rewardsCycleEnd) { syncRewards(); } }
storedTotalAssets will be deducted by the withdrawal amount in xERC4626.sol#beforeWithdraw().
At sfrxETH.sol#L50, when block.timestamp >= rewardsCycleEnd, syncRewards() will be called AFTER storedTotalAssets -= amount; (xERC4626.sol#L67).
In syncRewards(), storedTotalAssets will be used to calculate the rewards.
All surplus
assetbalance of the contract over the internal balance becomes queued for the next cycle.
uint256 storedTotalAssets_ = storedTotalAssets; uint256 nextRewards = asset.balanceOf(address(this)) - storedTotalAssets_ - lastRewardAmount_; storedTotalAssets = storedTotalAssets_ + lastRewardAmount_; // SSTORE
Consider calling syncRewards() before call xERC4626's beforeWithdraw.
#0 - FortisFortuna
2022-09-26T03:20:13Z
#1 - 0xean
2022-10-14T00:09:01Z
closing as dupe of #15