Platform: Code4rena
Start Date: 27/05/2022
Pot Size: $75,000 USDC
Total HM: 20
Participants: 58
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 15
Id: 131
League: ETH
Rank: 4/58
Findings: 2
Award: $6,831.33
🌟 Selected for report: 1
🚀 Solo Findings: 1
Submitting as a high risk bug because it is equivalent to calling startInflation() which is a function reserved for only governance to call and it drastically alters token distribution
Bypass governance only call restriction and cause immediate inflation decay
The two main functions of startInflation() is to set lastEvent and lastInflationDecay to block.timestamp. startInflation() is restricted to allow governance to start inflation when it chooses. However these values can be set to block.timestamp by any user that calls executeInflationRateUpdate() because that function is not restricted to only governance. This allows any user to start inflation whenever they want. executeInflationRateUpdate() calls _executeInflationRateUpdate which sets lastEvent = block.timestamp in L189:
it also sets lastInflationDecay = block.timestamp in L212:
Additionally inflation decay will be immediately applied because L190 will return true because lastInflationDecay will still be at the default value of 0:
Add same lastEvent check as other functions in the contract
function executeInflationRateUpdate() external override returns (bool) { if (lastEvent == 0) return 0; return _executeInflationRateUpdate(); }
#0 - chase-manning
2022-06-08T07:56:44Z
duplicate of #99
#1 - GalloDaSballo
2022-06-18T23:32:51Z
Dup of #99
🌟 Selected for report: 0x52
2732.5332 USDC - $2,732.53
Unclaimed fees from pool will be stuck
When delisting a pool the pool's reference is removed from address provider:
Burning fees calls a dynamic list of all pools which no longer contains the delisted pool:
Since the list no longer contains the pool those fees will not be processed and will remain stuck in the contract
Call burnFees() before delisting a pool
#0 - GalloDaSballo
2022-06-22T16:52:10Z
The warden has shown how, by removing a pool before calling burnFees, the removed pool will not receive the portion of fees that it should.
Because this finding related to loss of yield, I believe Medium Severity to be appropriate