Ajna Protocol - kenta's results

A peer to peer, oracleless, permissionless lending protocol with no governance, accepting both fungible and non fungible tokens as collateral.

General Information

Platform: Code4rena

Start Date: 03/05/2023

Pot Size: $60,500 USDC

Total HM: 25

Participants: 114

Period: 8 days

Judge: Picodes

Total Solo HM: 6

Id: 234

League: ETH

Researcher Performance

Rank: 107/114

Findings: 1

Award: $15.58

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

15.5756 USDC - $15.58

Labels

bug
3 (High Risk)
satisfactory
duplicate-251

External Links

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/RewardsManager.sol#L813-L815

Vulnerability details

Impact

Users cannot claim the reward tokens which they have earned when the RewardsManager has no reward tokens or fewer than needed.

Proof of Concept

In the test for the RewardsManager, the reward tokens are distributed in the following line: https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/tests/forge/unit/Rewards/RewardsDSTestPlus.sol#L270. I guess the team must transfer the reward tokens again when there are not enough reward tokens in the contract after claims by users.

After repeated claims, it is possible that the RewardsManager holds fewer reward tokens than users can claim, or none at all. When users try to claim reward tokens in that situation, they will receive fewer reward tokens than they have earned because of the following lines: https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/RewardsManager.sol#L813-L815

Tools Used

For example, the transaction must be reverted when the contract does not have enough reward tokens. Or the RewardsManager will store the pending reward tokens of users as a state variable, and users can claim later when the contract has enough reward tokens again.

Assessed type

Token-Transfer
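
The capped payout described in the submission beside the two mitigations it proposes, as an added Solidity example that is not code from the Ajna repository or from the submission. The contract, function, error and variable names are hypothetical, and it assumes the referenced lines cap the transfer at the contract's current balance.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.14;

// Added illustration; every name below is hypothetical, not the Ajna API.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract RewardsPayoutExample {
    IERC20 public immutable rewardToken;
    mapping(address => uint256) public pendingRewards; // earned but not yet paid

    error InsufficientRewardBalance(uint256 owed, uint256 available);

    constructor(IERC20 rewardToken_) { rewardToken = rewardToken_; }

    // Pattern the finding describes (assumed): the payout is capped at the
    // balance, so the shortfall is dropped without any record of it.
    function _payCapped(address to, uint256 earned) internal {
        uint256 balance = rewardToken.balanceOf(address(this));
        if (earned > balance) earned = balance;
        if (earned != 0) require(rewardToken.transfer(to, earned), "transfer failed");
    }

    // Mitigation 1: revert, so the whole claim rolls back and can be retried
    // after the contract is refilled.
    function _payOrRevert(address to, uint256 earned) internal {
        uint256 balance = rewardToken.balanceOf(address(this));
        if (earned > balance) revert InsufficientRewardBalance(earned, balance);
        if (earned != 0) require(rewardToken.transfer(to, earned), "transfer failed");
    }

    // Mitigation 2: pay what is available and record the remainder as pending.
    function _payOrDefer(address to, uint256 earned) internal {
        uint256 owed = pendingRewards[to] + earned;
        uint256 balance = rewardToken.balanceOf(address(this));
        uint256 paid = owed > balance ? balance : owed;
        pendingRewards[to] = owed - paid; // state updated before the external call
        if (paid != 0) require(rewardToken.transfer(to, paid), "transfer failed");
    }

    // Lets a user collect deferred rewards once the contract is funded again.
    function claimPending() external {
        _payOrDefer(msg.sender, 0);
    }
}
```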

#0 - c4-judge

2023-05-14T19:51:15Z

Picodes marked the issue as duplicate of #361

#1 - c4-judge

2023-05-29T20:58:27Z

Picodes marked the issue as satisfactory
