Orbiting Sangria Porpoise
High
The following check inside extractRewardsNoRequire() should be modified as follows to include the debt reward while comparing with rwd_threshold. Identical logic exists inside lstToNuma() and numaToLst():
function extractRewardsNoRequire() internal {
if (block.timestamp >= (last_extracttimestamp + 24 hours)) {
(
uint256 rwd,
uint256 currentvalueWei,
uint256 rwdDebt
) = rewardsValue();
- if (rwd > rwd_threshold) {
+ if (rwd + rwdDebt > rwd_threshold) {
extractInternal(rwd, currentvalueWei, rwdDebt);
}
}
}Consider the following flow:
rwd_thresholdis set as1 ether. Note that currently it's set at0but can be readily changed by the owner calling setRewardsThreshold()- Inside vault, total rEth value in ETH is
8 ETH(for ease of calculation, let's say 1 rEth = 8 ETH) - A 25% rebase occurs pushing rEth value to
10 ETH. Vault can be updated viaupdateVault()which internally callsextractRewardsNoRequire()if 24 hours have passed since the last update. We'll assume it has been more than 24 hours. - Case 1:
- No debts.
updateVault() --> extractRewardsNoRequire() --> rewardsValue()is called.rwdis evaluated as2 etheranddebtRwd = 0.- Since
rwd > rwd_thresholdistrue,extractInternal()will be called, rewards distributed andlast_lsttokenvalueWeiwill be updated to the new price of10 ETH
- Case 2:
- Debt value = 6 ETH.
updateVault() --> extractRewardsNoRequire() --> rewardsValue()is called.rwdis evaluated as0.8 etheranddebtRwd = 1.2 ether.- Since
rwd > rwd_thresholdisfalse,extractInternal()will be not be called, rewardsFromDebt is not incremented on L358, rewards not distributed, andlast_lsttokenvalueWeinot updated to the new price of10 ETH- In case of lstToNuma() and numaToLst(),
refValueis not updated tocurrentvalueWei
- In case of lstToNuma() and numaToLst(),
Stale values used if vault has debt, leading to incorrect accounting across the protocol.
Add rwdDebt to rwd whenever comparing with rwd_threshold:
- if (rwd > rwd_threshold) {
+ if (rwd + rwdDebt > rwd_threshold) {