Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 071 · Smart Contract Bug

Bent Finance Reward Accounting Bug

A reward-distribution accounting flaw in Bent Finance let one address claim ~$1.7M in rewards far beyond its entitlement before the bug was caught and paused.

Date
Chain(s)
Status: Partially Recovered

On December 21, 2021, the Convex-yield optimiser Bent Finance lost approximately $1.7 million through a reward-distribution accounting flaw. An address was able to claim rewards far exceeding its legitimate entitlement before the discrepancy was detected and the protocol paused.

What happened

Bent Finance distributed boosted Convex/Curve rewards to depositors. The reward-accounting logic mis-tracked claimable balances under certain interaction sequences, letting a participant withdraw rewards substantially in excess of what their deposit had earned. The community flagged anomalous outflows; the team paused distribution.

Aftermath

  • Bent paused reward claims and investigated; partial recovery/return followed.
  • Initial confusion over whether it was an exploit, an insider issue, or a bug — eventually attributed to the accounting flaw.

Why it matters

Bent Finance is another reward-accounting double-dip — the same class as Popsicle Finance and Level Finance. Reward-distribution math is deceptively hard: it must remain consistent across deposits, withdrawals, transfers, and claims, in every ordering. The catalogue shows this specific accounting surface failing repeatedly across years and protocols. The generalisation developers keep missing: a reward-claim is a withdrawal and demands withdrawal-grade rigor — checkpoint state before payout, prove the invariant "total claimed ≤ total accrued" holds under arbitrary call ordering, ideally via formal methods rather than example tests.
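The checkpoint-before-payout rule and the "total claimed ≤ total accrued" invariant can be exercised against arbitrary call orderings with a small model. The following is an added example, not Bent Finance's code and not a reconstruction of its specific flaw: `RewardPool`, `first_violation` and `random_ops` are hypothetical names, the model is a generic reward-per-share accumulator, and `checkpoint=False` stands in for any implementation that changes a balance without settling first. Randomized replay is a complement to, not a substitute for, the formal proof the paragraph recommends.

```python
import random
from fractions import Fraction

class RewardPool:
    """Reward-per-share model; checkpoint=False skips settling before balance changes."""
    def __init__(self, checkpoint=True):
        self.checkpoint, self.total = checkpoint, 0
        self.bal, self.paid, self.owed = {}, {}, {}  # stake, index at last settle, unclaimed
        self.acc = self.accrued = self.claimed = Fraction(0)  # index, total in, total out
    def _settle(self, u):  # credit what u's current stake earned since its last checkpoint
        earned = self.bal.get(u, 0) * (self.acc - self.paid.get(u, Fraction(0)))
        self.owed[u] = self.owed.get(u, Fraction(0)) + earned
        self.paid[u] = self.acc
    def _move(self, u, delta):
        if self.checkpoint:
            self._settle(u)  # must run BEFORE the balance changes
        self.bal[u] = self.bal.get(u, 0) + delta
        self.total += delta
    def deposit(self, u, amt): self._move(u, amt)
    def withdraw(self, u, amt): self._move(u, -min(amt, self.bal.get(u, 0)))
    def transfer(self, u, v, amt):
        amt = min(amt, self.bal.get(u, 0))
        self._move(u, -amt)
        self._move(v, amt)
    def distribute(self, amt):
        if self.total:  # nothing accrues while nobody is staked
            self.acc += Fraction(amt, self.total)
            self.accrued += amt
    def claim(self, u):
        self._settle(u)
        pay, self.owed[u] = self.owed[u], Fraction(0)
        self.claimed += pay

def first_violation(pool, ops):
    """Replay ops; return the index of the first call after which claimed > accrued."""
    for i, (name, *args) in enumerate(ops):
        getattr(pool, name)(*args)
        if pool.claimed > pool.accrued:
            return i
    return None

def random_ops(seed, n=500, users="abc"):
    """Constructed fuzz input: one seeded random call ordering over three users."""
    rng = random.Random(seed)
    def one():
        u, v, amt = rng.choice(users), rng.choice(users), rng.randint(1, 100)
        return rng.choice([("deposit", u, amt), ("withdraw", u, amt),
                           ("transfer", u, v, amt), ("distribute", amt), ("claim", u)])
    return [one() for _ in range(n)]
```

Exact `Fraction` arithmetic keeps rounding out of the model, so any reported violation comes from the accounting logic itself; an on-chain implementation also has to show that integer rounding never favours the claimant.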

Sources & on-chain evidence

  1. rekt.news: https://rekt.news/bent-finance
  2. cryptopotato.com: https://cryptopotato.com/bent-finance-exploit-originated-from-deployer-address-confirms-protocol/
  3. halborn.com: https://www.halborn.com/blog/post/explained-the-bent-finance-incident-december-2021
