GalloDaSballo - M-01 Loss of Reward Tokens for AuraStaking
Closed this issue · 2 comments
sherlock-admin commented
GalloDaSballo
medium
M-01 Loss of Reward Tokens for AuraStaking
Summary
AuraStakingMixin
assumes extra rewards come from the gauge.
They will instead come from BaseRewardPool
Vulnerability Detail
Extra rewards for Aura are not coming from the gauge, but rather from the extraRewards
field in the RewardPool
Because of this, any additional reward token added via the Aura system will not be tracked, won't be claimed and will remain stuck in the BaseRewardPool
Impact
Loss of Yield for Additional tokens, Protocol X decides to Airdrop / Do liquidity mining in their own token.
Those tokens won't be claimable as they will be added to BaseRewardPool4626
and not to the Gauge.
Code Snippet
Tool used
Manual Review
Recommendation
Replace
function _rewardTokens() private view returns (IERC20[] memory tokens) {
uint256 rewardTokenCount = LIQUIDITY_GAUGE.reward_count() + 2;
tokens = new IERC20[](rewardTokenCount);
tokens[0] = BAL_TOKEN;
tokens[1] = AURA_TOKEN;
for (uint256 i = 2; i < rewardTokenCount; i++) {
tokens[i] = IERC20(LIQUIDITY_GAUGE.reward_tokens(i - 2));
}
}
With
function _rewardTokens() private view returns (IERC20[] memory tokens) {
uint256 rewardTokenCount = REWARDS_POOL. extraRewardsLenght() + 2;
tokens = new IERC20[](rewardTokenCount);
tokens[0] = BAL_TOKEN;
tokens[1] = AURA_TOKEN;
for (uint256 i = 2; i < rewardTokenCount; i++) {
tokens[i] = IERC20(REWARDS_POOL. extraRewards(i - 2));
}
}
jeffywu commented
jeffywu commented
This issue is invalid, the Aura liquidity gauge calls through to the BaseRewardPool.