F-2025-0005·incorrect-reward-calculation

Flawed reward distribution mechanism causes pool depletion and DOS in NexaloStaking

Fixedrafflelotteryvrf
TL;DR

Rewards are calculated independently per user using hardcoded USD prices, not proportionally to the available WBTC pool, causing reward sums to exceed the pool balance and DoSing all subsequent stakes and unstakes.

Severity
HIGH
Impact
HIGH
Likelihood
MEDIUM
Method
MManual review
CAT.
Complexity
MEDIUM
Exploitability
HIGH
02Section · Description

Description

The NexaloStaking contract calculates WBTC rewards by converting individual users' NXL stake amounts to USD equivalents using hardcoded prices (1 NXL = $0.05, 1 WBTC = $50,000), then converting to WBTC. This approach has a fundamental design flaw: rewards are calculated independently per user based on USD values, not proportionally to the available WBTC reward pool.

solidity
function calculatePendingRewards(address user) public view returns (uint256) {
    uint256 timeStaked = block.timestamp - userStake.lastClaimTime;


    // Calculate 4% APY in NXL
    uint256 rewardsInNXL = (userStake.amount * APY_RATE * timeStaked) / (SECONDS_PER_YEAR * 10000);


    // Convert to WBTC using hardcoded ratio: 1 WBTC = 1,000,000 NXL
    uint256 rewardsInWBTC = (rewardsInNXL * 1e8) / (1_000_000 * 1e18);


    return rewardsInWBTC;
}

Vulnerable Scenario:

  1. Protocol stakes externally and earns 1 WBTC ($87,000 at current prices) in rewards
  2. Alice stakes 1M NXL → After 1 year, calculates 40k NXL reward (4% APY)
  3. Using hardcoded prices: 40k NXL * $0.05 = $2,000 → $2,000 / $50k = 0.04 WBTC
  4. Bob stakes 1M NXL → Same calculation → 0.04 WBTC reward
  5. Total claims: 0.08 WBTC, but pool only has 0.0115 WBTC (1 WBTC / 87k * 1000 per user)
  6. Alice claims successfully, Bob's claim reverts with "Insufficient WBTC"
  7. DOS: All subsequent stakes and unstakes fail because they call _claimRewards
03Section · Impact

Impact

Each time (which will be most of the time) the prices of these assets are not the exact hardcoded values, the staking contract will deliver more or less rewards than is expected.

Given the protocol distributes staking rewards each time a user tries to stake, if these rewards in absolute btc number (calculated with an undervalued btc) are more than the actual wbtc balance of the pool (calculated with the current market rate of btc), users won't be able to stake nor unstake.

04Section · Recommendation

Recommendation

  • Redesign the reward mechanism to use proportional distribution based on stake ratios rather than USD conversions.
05Section · Resolution

Resolution

Nexalo: Fixed.

Zealynx: Verified. Fixed.

Status
Fixed
ZEALYNX SECURITY · published 2025-12-22
F-2025-0005

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx