Platform: Code4rena
Start Date: 15/12/2022
Pot Size: $128,000 USDC
Total HM: 28
Participants: 111
Period: 19 days
Judge: GalloDaSballo
Total Solo HM: 1
Id: 194
League: ETH
Rank: 47/111
Findings: 2
Award: $184.55
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: immeas
Also found by: 0x73696d616f, 0xbepresent, 0xdeadbeef0x, V_B, unforgiven
184.5522 USDC - $184.55
https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/MinipoolManager.sol#L257 https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/MinipoolManager.sol#L675
When creating a minipool, the user can choose a value for the duration parameter. This value is later used for calculating the amount of slashing that occurs. However, the code does not include any checks using timestamps to verify the value of duration. This means that a malicious attacker could potentially manipulate the value of duration at the time of minipool creation in order to minimize the amount of GGP token slashing.
It is recommended to add checks using block timestamps to verify the value of validation duration, to prevent this type of attack and ensure the integrity of the minipools.
#0 - emersoncloud
2023-01-17T11:15:43Z
#1 - c4-judge
2023-02-02T15:36:04Z
GalloDaSballo marked the issue as duplicate of #492
#2 - GalloDaSballo
2023-02-02T15:36:22Z
In lack of detail, am awarding 50%
#3 - c4-judge
2023-02-02T15:36:30Z
GalloDaSballo marked the issue as partial-50