F-2025-0006·operational-risk
Manual reward funding mechanism poses operational risk
TL;DR
Contract relies entirely on manual reward funding with no monitoring events or low-balance threshold, exposing the protocol to operational coordination risk.
Severity
LOW
Impact
LOW
Likelihood
MEDIUM
Method
Manual review
CAT.
Complexity
LOW
Exploitability
LOW
Description
The contract relies entirely on manual funding through the fundRewards() function:
```solidity
// Rewards reach the contract only when the owner calls this function.
function fundRewards(uint256 amount) external onlyOwner {
    require(amount > 0, "Amount must be greater than zero");
    stakingToken.safeTransferFrom(msg.sender, address(this), amount);
    emit RewardsFunded(msg.sender, amount);
}
```
While it is expected that the team will fund rewards, relying solely on manual funding introduces operational risks:
- Human error in timing of funding.
- Key person risk if the funding coordinator is unavailable.
- No automated top-up mechanism.
- No warning system for low balance.
Recommendation
Implement safety mechanisms around manual funding. Add monitoring events and a minimum balance threshold:
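```solidity
event LowBalance(uint256 currentBalance, uint256 threshold);

uint256 public constant MIN_BALANCE_THRESHOLD = 1000e18;

// Emits LowBalance when the contract's token balance is below the threshold.
function checkBalance() public {
    // Read the balance once and reuse it for the comparison and the event.
    uint256 currentBalance = stakingToken.balanceOf(address(this));
    if (currentBalance < MIN_BALANCE_THRESHOLD) {
        emit LowBalance(currentBalance, MIN_BALANCE_THRESHOLD);
    }
}
```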
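As an added example (not Ample Protocol's contract and not the auditor's code), the sketch below runs the recommended check after funding and after a payout, so `LowBalance` is emitted without anyone having to remember to call `checkBalance()`. The contract name, the constructor, the `_payReward` helper, the `indexed` choice on `RewardsFunded` and the OpenZeppelin v5 imports are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Hypothetical contract: only fundRewards, checkBalance, LowBalance and
// MIN_BALANCE_THRESHOLD come from the finding; everything else is assumed.
contract RewardPoolSketch is Ownable {
    using SafeERC20 for IERC20;

    IERC20 public immutable stakingToken;
    uint256 public constant MIN_BALANCE_THRESHOLD = 1000e18;

    event RewardsFunded(address indexed funder, uint256 amount);
    event LowBalance(uint256 currentBalance, uint256 threshold);

    constructor(IERC20 token) Ownable(msg.sender) {
        stakingToken = token;
    }

    function fundRewards(uint256 amount) external onlyOwner {
        require(amount > 0, "Amount must be greater than zero");
        stakingToken.safeTransferFrom(msg.sender, address(this), amount);
        emit RewardsFunded(msg.sender, amount);
        // A top-up that still leaves the balance below the threshold stays visible.
        checkBalance();
    }

    // Hypothetical payout path standing in for the protocol's claim logic.
    function _payReward(address to, uint256 amount) internal {
        stakingToken.safeTransfer(to, amount);
        // Every outflow re-evaluates the threshold, so the first payout that
        // crosses it produces the event an off-chain monitor can alert on.
        checkBalance();
    }

    // Still public so a keeper or operator can trigger the check on demand.
    function checkBalance() public {
        uint256 currentBalance = stakingToken.balanceOf(address(this));
        if (currentBalance < MIN_BALANCE_THRESHOLD) {
            emit LowBalance(currentBalance, MIN_BALANCE_THRESHOLD);
        }
    }
}
```

While the balance remains below the threshold, every payout emits `LowBalance` again, so an alerting pipeline subscribed to the event should deduplicate until the next `RewardsFunded`.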
Resolution
Ample Protocol: Fixed.
Zealynx: Verified. Both the event for monitoring and the checkBalance function were added.
Status
Fixed

