Platform: Code4rena
Start Date: 03/10/2023
Pot Size: $24,500 USDC
Total HM: 6
Participants: 62
Period: 3 days
Judge: LSDan
Total Solo HM: 3
Id: 288
League: ETH
Rank: 43/62
Findings: 1
Award: $4.94
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: adriro
Also found by: 0x3b, 0xAadi, 0xDING99YA, 0xTheC0der, 0xWaitress, 0xdice91, 100su, 3docSec, BRONZEDISC, BoRonGod, Eurovickk, GKBG, HChang26, IceBear, JP_Courses, MatricksDeCoder, Mike_Bello90, SovaSlava, Topmark, albahaca, cookedcookee, gzeon, hunter_w3b, kutugu, lukejohn, marqymarq10, matrix_0wl, orion, pep7siup, radev_sw, sces60107, taner2344, tpiliposian, wahedtalash77, xAriextz, zpan
4.9369 USDC - $4.94
https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L65 https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L74
The setConcRewards() and setAmbRewards() functions are public functions that lack checks on weekFrom and weekTo, allowing anyone to set past dates.
Ensure that weekFrom is greater than or equal to block.timestamp.
Timing
#0 - c4-pre-sort
2023-10-07T13:24:17Z
141345 marked the issue as duplicate of #4
#1 - c4-pre-sort
2023-10-07T13:37:04Z
141345 marked the issue as not a duplicate
#2 - c4-pre-sort
2023-10-07T13:37:12Z
141345 marked the issue as duplicate of #81
#3 - c4-pre-sort
2023-10-09T16:13:44Z
141345 marked the issue as sufficient quality report
#4 - c4-judge
2023-10-18T20:49:30Z
dmvt changed the severity to QA (Quality Assurance)
#5 - c4-judge
2023-10-18T22:40:16Z
dmvt marked the issue as grade-b