Platform: Code4rena
Start Date: 29/03/2022
Pot Size: $50,000 USDC
Total HM: 16
Participants: 42
Period: 5 days
Judge: 0xean
Total Solo HM: 9
Id: 105
League: ETH
Rank: 21/42
Findings: 1
Award: $560.49
Selected for report: 0
Solo Findings: 0
560.4852 USDC - $560.49
https://github.com/code-423n4/2022-03-paladin/blob/main/contracts/HolyPaladinToken.sol
Part of the stake can be withdrawn immediately at any time.
The ratio between COOLDOWN_PERIOD and UNSTAKE_PERIOD is only 2; it should be much higher (e.g. 5 or 10).
l.28 COOLDOWN_PERIOD = 864000; // 10 days ... UNSTAKE_PERIOD = 432000; // 5 days
Various scheduling strategies allow stakers to optimize when they call cooldown. By using such a strategy, a staker can keep at least part of the stake withdrawable immediately at all times.
Let's assume the values are the same as in the tests: COOLDOWN_PERIOD == 1 hour and UNSTAKE_PERIOD == 30 minutes. A staker can split the stake into 3 parts and call cooldown for one of them every 30 minutes. That ensures that at least 1/3 of the stake can be withdrawn immediately at any time, and on average more than 1/2 of the stake can be withdrawn immediately.
Remediation: Make sure that the cooldown length (COOLDOWN_SECONDS in stkAAVE, COOLDOWN_PERIOD here) is much larger than the unstake window (UNSTAKE_WINDOW in stkAAVE, UNSTAKE_PERIOD here). This makes any cooldown scheduling strategy far less effective.
The same recommendation appears in the 'Aave Safety Module' ConsenSys Diligence audit: https://consensys.net/diligence/audits/2020/09/aave-safety-module/#unhandled-return-values-of-transfer-and-transferfrom
l.1107 // Inspired by stkAAVE cooldown system function _getNewReceiverCooldown(...
original function: https://github.com/aave/safety-module/blob/3c8d5c30302c35239b6ea8c23ad3df36b485d7b6/contracts/stake/StakedToken.sol#L238
Suggested change: set UNSTAKE_PERIOD to 172800 (2 days).
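The staggered-cooldown schedule described above, and the effect of the proposed 2-day UNSTAKE_PERIOD on it, as an added example that is not part of this submission or of the Paladin contracts. It models only the timing rule, assumed to follow stkAAVE: a chunk is redeemable from its cooldown start plus COOLDOWN_PERIOD until UNSTAKE_PERIOD seconds later, and is put back into cooldown as soon as its window closes. The names WindowRule, chunks_for_full_coverage, fraction_redeemable and redeemable_profile are the example's own. With the test values (1 h / 30 min) three chunks offset by 30 minutes keep exactly 1/3 of the stake redeemable at every instant; the deployed values (10 d / 5 d) have the same ratio and give the same 1/3; with UNSTAKE_PERIOD = 2 days six chunks are needed to cover the cycle and the floor drops to 1/6, i.e. 1/(ratio + 1).

```python
# Added example (not part of the Code4rena submission or the Paladin code base):
# a timing model of an stkAAVE-style cooldown/unstake window, used to quantify
# how much of a stake split into equal chunks is redeemable at any moment.
# Assumed redemption rule, modelled on stkAAVE: a chunk whose cooldown started
# at time s is redeemable while s + cooldown <= now < s + cooldown + unstake.
from dataclasses import dataclass
from fractions import Fraction
from math import ceil


@dataclass(frozen=True)
class WindowRule:
    cooldown: int  # seconds between cooldown() and the start of the window
    unstake: int   # length of the redemption window in seconds

    @property
    def cycle(self) -> int:
        # Re-entering cooldown as soon as a window closes gives each chunk
        # a fixed cycle: `cooldown` seconds locked, then `unstake` seconds open.
        return self.cooldown + self.unstake


def chunks_for_full_coverage(rule: WindowRule) -> int:
    """Fewest equal chunks whose staggered windows cover every instant of the cycle."""
    return ceil(rule.cycle / rule.unstake)


def fraction_redeemable(rule: WindowRule, chunks: int, offset: int, t: int) -> Fraction:
    """Share of the stake that is inside its unstake window at time t.

    Chunk i first calls cooldown() at i * offset and re-calls it each time its
    window closes, so its phase within the cycle is (t - i * offset) mod cycle.
    """
    open_chunks = 0
    for i in range(chunks):
        phase = (t - i * offset) % rule.cycle
        if phase >= rule.cooldown:  # phase lies in [cooldown, cooldown + unstake)
            open_chunks += 1
    return Fraction(open_chunks, chunks)


def redeemable_profile(rule: WindowRule, chunks: int, offset: int, samples: int = 1000):
    """(minimum, time-average) redeemable share, sampled over one full cycle."""
    step = max(1, rule.cycle // samples)
    fracs = [fraction_redeemable(rule, chunks, offset, t) for t in range(0, rule.cycle, step)]
    return min(fracs), sum(fracs) / len(fracs)


if __name__ == "__main__":
    # Parameter sets quoted in the finding: tests, deployed contract, proposed fix.
    cases = {
        "test values (1 h / 30 min)": WindowRule(3600, 1800),
        "deployed values (10 d / 5 d)": WindowRule(864000, 432000),
        "proposed values (10 d / 2 d)": WindowRule(864000, 172800),
    }
    for label, rule in cases.items():
        n = chunks_for_full_coverage(rule)
        lo, avg = redeemable_profile(rule, n, rule.unstake)
        print(f"{label}: ratio {rule.cooldown / rule.unstake:g}, {n} staggered chunks "
              f"-> at least {lo} of the stake redeemable at any time (average {avg})")
```

Run it as a script to get one line per parameter set. The offset between chunks equals the unstake window, so each chunk's window opens exactly as the previous one closes; with any ratio r = COOLDOWN_PERIOD / UNSTAKE_PERIOD the always-redeemable floor is 1/(r + 1), which is why raising the ratio, rather than scaling both constants, is what shrinks it.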
#0 - Kogaroshi
2022-04-02T19:08:09Z
Duplicate of https://github.com/code-423n4/2022-03-paladin-findings/issues/7. As stated in Issue #7, the unstake period is reduced to 2 days.
#1 - 0xean
2022-04-11T15:41:17Z
closing as duplicate of #7