Radiant Orchid Pike
medium
The contract incorrectly calculates the current reward to be distributed using rewards[vault].rewardAmount instead of maxReward. This leads to an inflated result as it considers both claimed rewards and rewards still available for distribution.
The contract uses the total reward amount (rewards[vault].rewardAmount) in the reward calculation instead of the maximum remaining reward (maxReward = rewards[vault].rewardAmount - rewards[vault].rewardPaid), leading to inaccurate reward distribution.
from the developers's comment
// Calculates ratio of timeframe to time since last harvest
// Uses this ratio to determine partial reward amount or extra reward amountpartial reward amount can be calculated using the ratio of timeframe to time since last harvest. https://github.com/sherlock-audit/2024-04-alchemix/blob/main/v2-foundry/src/utils/RewardRouter.sol#L38-L43 but partial reward amount should be calculated from the available reward and not from claimed rewards.
- Inaccurate Reward Distribution: Using
rewards[vault].rewardAmountinstead ofmaxRewardinflates the reward, leading to incorrect distribution. - Economic Impact: Incorrect reward calculation can affect the economic balance and integrity of the contract.
Manual Review
To ensure accurate reward distribution, update the calculation to use maxReward instead of rewards[vault].rewardAmount. This will provide a more precise calculation based on the actual remaining rewards to be distributed.