Livepeer Onchain Treasury Upgrade - VAD37's results

Decentralized video infrastructure protocol powering video in web3's leading social and media applications.

General Information

Platform: Code4rena

Start Date: 31/08/2023

Pot Size: $55,000 USDC

Total HM: 5

Participants: 30

Period: 6 days

Judge: hickuphh3

Total Solo HM: 2

Id: 282

League: ETH

Livepeer

Findings Distribution

Researcher Performance

Rank: 5/30

Findings: 1

Award: $2,318.70

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: bronze_pickaxe

Also found by: Krace, VAD37, ether_sky

Labels

bug
3 (High Risk)
satisfactory
upgraded by judge
duplicate-165

Awards

2318.7003 USDC - $2,318.70

External Links

Lines of code

https://github.com/code-423n4/2023-08-livepeer/blob/main/contracts/bonding/BondingManager.sol#L355

Vulnerability details

BondingManager.sol uses two math libraries: MathUtils uses 1e6 as its precision, while PreciseMathUtils uses 1e27. Some variables are handled with MathUtils while others use PreciseMathUtils, which invites confusion. This happens with the treasuryRewardCutRate variable, which requires PreciseMathUtils (per its comment) but mistakenly uses MathUtils on this specific line.

Impact

Function updateTranscoderWithFees() does not work as intended and always reverts when called twice for the current round.

Proof of Concept

    // Deduct what would have been the treasury rewards
    uint256 treasuryRewards = MathUtils.percOf(rewards, treasuryRewardCutRate);//@audit M treasury rate is 1e27. Here it is 1e6
    rewards = rewards.sub(treasuryRewards);//@note reward now send some percentage to treasury

treasuryRewardCutRate has a decimal precision of 1e27 and is supposed to be used with PreciseMathUtils.percOf for all operations, as is done in rewardWithHint() in the same contract.

treasuryRewardCutRate is 0.1e27 in the config.

So the second line, rewards = rewards - (rewards * treasuryRewardCutRate / 1e6), always underflows and reverts.
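To make the arithmetic concrete, the following is an added Python model (not code from this finding or from Livepeer) of the two percOf helpers with the 1e6 and 1e27 divisors described above. The SafeMath-style revert on underflow is modelled as an exception, and the sample values (100e18 of rewards, a 0.1e27 cut rate) are constructed.

```python
# Added example: models MathUtils.percOf (1e6 divisor) and PreciseMathUtils.percOf
# (1e27 divisor) to show why the buggy line always reverts for a 1e27-scaled rate.

MATH_UTILS_PERC_DIVISOR = 10**6      # MathUtils precision, as stated in the finding
PRECISE_PERC_DIVISOR = 10**27        # PreciseMathUtils precision, as stated in the finding
UINT256_MAX = 2**256 - 1


class Revert(Exception):
    """Stands in for an EVM revert raised by SafeMath / checked arithmetic."""


def checked_sub(a: int, b: int) -> int:
    """uint256 a - b with the SafeMath underflow check."""
    if b > a:
        raise Revert("SafeMath: subtraction overflow")
    return a - b


def perc_of(amount: int, frac_num: int, divisor: int) -> int:
    """amount * frac_num / divisor, the shape both libraries' percOf share;
    the 256-bit multiplication overflow check is modelled as well."""
    product = amount * frac_num
    if product > UINT256_MAX:
        raise Revert("SafeMath: multiplication overflow")
    return product // divisor


def deduct_treasury_rewards(rewards: int, treasury_reward_cut_rate: int, precise: bool) -> int:
    """The two lines from updateTranscoderWithFees(): precise=False is the reported
    bug (MathUtils), precise=True is the recommended fix (PreciseMathUtils)."""
    divisor = PRECISE_PERC_DIVISOR if precise else MATH_UTILS_PERC_DIVISOR
    treasury_rewards = perc_of(rewards, treasury_reward_cut_rate, divisor)
    return checked_sub(rewards, treasury_rewards)


def buggy_path_reverts(rewards: int, treasury_reward_cut_rate: int) -> bool:
    """True when the MathUtils variant reverts for the given inputs."""
    try:
        deduct_treasury_rewards(rewards, treasury_reward_cut_rate, precise=False)
    except Revert:
        return True
    return False


if __name__ == "__main__":
    rate = 10**26            # 0.1e27, the configured 10% cut (constructed to match the finding)
    rewards = 100 * 10**18   # constructed sample reward amount
    print("MathUtils path reverts:", buggy_path_reverts(rewards, rate))
    print("PreciseMathUtils path leaves:", deduct_treasury_rewards(rewards, rate, precise=True))
```

With the 1e6 divisor the computed treasury share is rewards * 1e20, so any non-zero reward amount exceeds the subtraction check; the 1e27 divisor yields the intended 10%.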

Tools Used

Manual review

Recommended Mitigation Steps

Change MathUtils to PreciseMathUtils:

    // Deduct what would have been the treasury rewards
    uint256 treasuryRewards = PreciseMathUtils.percOf(rewards, treasuryRewardCutRate);
    rewards = rewards.sub(treasuryRewards);

Assessed type

Decimal

#0 - c4-pre-sort

2023-09-08T15:11:22Z

141345 marked the issue as duplicate of #165

#1 - c4-judge

2023-09-18T02:45:05Z

HickupHH3 changed the severity to 3 (High Risk)

#2 - c4-judge

2023-09-18T02:45:25Z

HickupHH3 marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
