Category: Code Maturity

Missing reward-configuration check

Impact: Low
Severity: Low
Likelihood: Low

Description

There are three fields in RewardConfig: rewardRate, rewardStartTime, and rewardEndTime. While members of VaultConfig are verified in _checkVaultConfig, an equivalent validation does not exist for RewardConfig. The configuration should be validated to ensure rewardRate does not exceed the precision basis and that the end time is not earlier than the start time.

function updateRewardConfig(IERC20 rewardToken, RewardConfig memory rewardConfig) external onlyManager {
    _updateAllLastRewardPerToken();
    _rewardConfigs[rewardToken] = rewardConfig;

    emit RewardConfigUpdated(rewardToken, rewardConfig);
}

Impact

Without this validation, a misconfigured RewardConfig could lead to overpayment of rewards or to sanity-check failures.

Recommendations

Add validation for rewardRate and rewardEndTime in the _checkRewardConfig function.
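
One way the recommended check could look, as an added example that is not the audited project's code or the fix referenced below. The field types, the PRECISION_BASIS value, the error names, and the abstract onlyManager and _updateAllLastRewardPerToken declarations are assumptions made so the snippet compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not the audited project's code.
interface IERC20 {}

abstract contract RewardConfigValidation {
    // Field types are assumed; the report only names the three fields.
    struct RewardConfig {
        uint256 rewardRate;
        uint256 rewardStartTime;
        uint256 rewardEndTime;
    }

    // Assumed value; use the vault's own precision basis.
    uint256 internal constant PRECISION_BASIS = 1e18;

    // Hypothetical error names.
    error RewardRateExceedsPrecisionBasis(uint256 rewardRate);
    error RewardEndBeforeStart(uint256 startTime, uint256 endTime);

    event RewardConfigUpdated(IERC20 rewardToken, RewardConfig rewardConfig);

    mapping(IERC20 => RewardConfig) internal _rewardConfigs;

    // Access control and reward accounting are supplied by the inheriting vault.
    modifier onlyManager() virtual;
    function _updateAllLastRewardPerToken() internal virtual;

    function _checkRewardConfig(RewardConfig memory rewardConfig) internal pure {
        // The rate must not exceed the precision basis.
        if (rewardConfig.rewardRate > PRECISION_BASIS) {
            revert RewardRateExceedsPrecisionBasis(rewardConfig.rewardRate);
        }
        // The end time must not be earlier than the start time.
        if (rewardConfig.rewardEndTime < rewardConfig.rewardStartTime) {
            revert RewardEndBeforeStart(rewardConfig.rewardStartTime, rewardConfig.rewardEndTime);
        }
    }

    function updateRewardConfig(IERC20 rewardToken, RewardConfig memory rewardConfig) external onlyManager {
        // Reject an invalid config before touching accounting or storage.
        _checkRewardConfig(rewardConfig);
        _updateAllLastRewardPerToken();
        _rewardConfigs[rewardToken] = rewardConfig;

        emit RewardConfigUpdated(rewardToken, rewardConfig);
    }
}
```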

Remediation

This issue has been acknowledged by River, and fixes were implemented in the following commits:

Zellic © 2025