FIAT DAO veFDT contest - 0xf15ers's results

Unlock liquidity for your DeFi fixed income assets.

General Information

Platform: Code4rena

Start Date: 12/08/2022

Pot Size: $35,000 USDC

Total HM: 10

Participants: 126

Period: 3 days

Judge: Justin Goro

Total Solo HM: 3

Id: 154

League: ETH

FIAT DAO

Findings Distribution

Researcher Performance

Rank: 40/126

Findings: 1

Award: $77.72

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository FIAT DAO

Findings Information

🌟 Selected for report: Aymen0909

Also found by: 0xSky, 0xf15ers, CertoraInc, JohnSmith, auditor0517, bin2chen, csanuragjain, scaraven, tabish, wagmi, yixxas

Labels

bug

duplicate

2 (Med Risk)

Awards

77.7206 USDC - $77.72

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L493

Vulnerability details

Impact

oldLocked and locked_ referes to same LockedBalance in increaseUnlockTime() while calling _checkpoint

Proof of Concept

  // See IVotingEscrow for documentation
    function increaseUnlockTime(uint256 _unlockTime)
    {
        ........
        LockedBalance memory locked_ = locked[msg.sender];
        uint256 unlock_time = _floorToWeek(_unlockTime); // Locktime is rounded down to weeks
        // Validate inputs
        uint256 oldUnlockTime = locked_.end;
        locked_.end = unlock_time;
        locked[msg.sender] = locked_;
        if (locked_.delegatee == msg.sender) {
            // Undelegated lock
            require(oldUnlockTime > block.timestamp, "Lock expired");
            LockedBalance memory oldLocked = _copyLock(locked_);
            oldLocked.end = unlock_time;
            _checkpoint(msg.sender, oldLocked, locked_); //here oldLocked and locked_ are same 
        }
.............
    }

Tools Used

Manual analysis

Recommended Mitigation Steps

oldLocked.end = oldUnlockTime

#0 - lacoop6tu
2022-08-16T14:01:17Z

Duplicate of #217

FIAT DAO veFDT contest - 0xf15ers's results

Unlock liquidity for your DeFi fixed income assets.

General Information

Findings Distribution

Researcher Performance

External Links

[M-04] checkpointing of same state values in `increaseUnlockTime()` - $77.72

Findings Information

Labels

Awards

External Links

Lines of code

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

#0 - lacoop6tu2022-08-16T14:01:17Z

#0 - lacoop6tu
2022-08-16T14:01:17Z