On 5.48 AM UTC, Inspex was informed by the KillSwitch team that some users were temporarily unable to claim their $KSW reward on KillSwitch Farm. Inspex worked together with KillSwitch to find the root cause and found that there is a flaw that allowed some users to withdraw more $KSW than they should, so the balance of $KSW in the contract was not enough. This issue has been promptly solved, and the missing $KSW was fully compensated by the KillSwitch team. Therefore, there is zero financial impact on the platform users.
In this article, we will explain about the issue, and how it was resolved.
Cause
KillSwitch’s farm smart contract (PronteraV2) has a feature called Withdraw Token that allows users to withdraw the staked token and swap it to any token in one transaction.
Users can use the Withdraw Token feature by calling the withdrawToken() function.
The withdrawToken() function will swap the farming tokens to the token that the user wants and transfer it to the user’s wallet. However, in the transfer process, the transfer amount is determined by the balance of the token in the contract as seen in line 1170. This is due to an incorrect assumption that all tokens in the smart contract are from the swapping.
Normally, no token is stored in the farm smart contract as all farming tokens are transferred to their respective pools. But as $KSW emission had started, $KSW has been regularly withdrawn from the reserve contract to the farm contract. Thus, the unclaimed reward stays in the farm smart contract.
When a user withdraws the farming token by using the Withdraw Token feature by selecting $KSW as the destination token, the unclaimed $KSW allocated for the users who staked in the farms will be combined with the withdrawn amount, causing the $KSW reward to be temporary insufficient for the other users to claim.
Impact on the Platform
Some of the $KSW rewards were improperly transferred to the users who used the Withdraw Token feature to withdraw as $KSW, so that amount was missing from the smart contract. This caused the users with high pending rewards to be unable to claim their rewards when the $KSW balance in the contract was low.
Mitigation Solution
The withdrawToken() function has an external function call to the juno contract which is used to swap the farming tokens to any token that users want to receive. The KillSwitch team has mitigated this issue by verifying the token that the users wish to receive is not $KSW when using the Withdraw Token feature in the juno contract. So, this issue has been resolved.
Compensation
The KillSwitch team has decided to compensate for the missing $KSW by buying the missing $KSW from the market and depositing it back into the farm smart contract, so there will be no financial impact on the platform users.
About Inspex
Inspex is formed by a team of cybersecurity experts highly experienced in various fields of cybersecurity. We provide blockchain and smart contract professional services at the highest quality to enhance the security of our clients and the overall blockchain ecosystem.
For any business inquiries, please contact us via Twitter, Telegram, contact@inspex.co
