Minimum amount of claimYield
does not work as intended
Description
The following is the code of the claimYield
function:
uint256 constant HUNDRED_DOLLARS = 1e19;
// ...
function claimYield() external nonReentrant onlyClaimer {
uint256 claimable = paymentToken.getClaimableAmount(address(this));
if (claimable > HUNDRED_DOLLARS) {
uint256 balanceBefore = paymentToken.balanceOf(address(this));
paymentToken.claim(address(this), claimable);
uint256 balanceAfter = paymentToken.balanceOf(address(this));
require(balanceAfter > balanceBefore, "CLAIM_DIDNT_INCREASE_BALANCE");
emit ClaimedYield(balanceAfter - balanceBefore);
}
}
This code seems to enforce the minimum amount of claiming to be higher than a hundred dollars. However, this is misleading:
It is assumed that the payment token is USDB; however, it can be changed through the
setPaymentToken
function.The constant
HUNDRED_DOLLARS
refers to 1e19, which would be 10 for the tokens with 18 decimals.
Impact
If the payment token of the contract is changed, this may affect the functionality of the claimYield
function depending on the price of the new payment token.
This finding also documents the typo of the code affecting the logic.
Recommendations
Consider making the minimum amount of claiming to be configurable and changing the name or the value of the variable.
Remediation
Blast Futures notified us that they were previously aware of the typo issue. Blast Futures also stated that they do not expect to change the payment token unless it is required to do so due to a major event, and they would deploy the new contract if it breaks the functionality of the existing contract.