Platform: Code4rena
Start Date: 28/09/2023
Pot Size: $36,500 USDC
Total HM: 5
Participants: 115
Period: 6 days
Judge: 0xDjango
Total Solo HM: 1
Id: 290
League: ETH
Rank: 47/115
Findings: 1
Award: $124.96
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: deth
Also found by: 0xDetermination, 0xpiken, 3agle, Brenzee, Flora, HChang26, KrisApostolov, Satyam_Sharma, Testerbot, aycozynfada, berlin-101, gkrastenov, mahdirostami, merlin, rokinot, rvierdiiev, said, santipu_, sl1, tapir, twicek
124.9633 USDC - $124.96
https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L331-L359
The issue() function for minting prime tokens only deletes staked time for revocable tokens, but doesn't delete staked time for newly issued irrevocable tokens, thereby enabling the minting of multiple irrevocable tokens on the same stake, which can allow a user to accumulate multiple rewards based on a single stake.
When a user is issued a new prime token after staking for a sufficient amount of time, the 'stakedAt[users[i]]' mapping for users should be deleted or zeroed to prevent a re-issuance of prime tokens based on the same stake.
Although the staked time of users was deleted after issuing revocable tokens (https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L348-L359), it wasn't deleted or zeroed for irrevocable token issuance (https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L331-L346).
This can lead to a situation whereby a user accumulates and withdraws multiple rewards based on just a single stake, eventually hindering other users from getting their rewards.
Manual review
'delete stakedAt[users[i]];' should be used to reset stake records after issuing irrevocable tokens.
DoS
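The bookkeeping gap described above and the recommended `delete stakedAt[users[i]];` fix, as an added example that is not part of the original submission and is not the Venus Prime code. It is a simplified model: `recordStake`, `issueAsReported`, `issueMitigated` and `staleStakeRecord` are hypothetical names, and access control, token upgrades and market initialization are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Simplified model of the issuance bookkeeping described in the finding.
/// Only `stakedAt` and the `issue(bool, address[])` shape come from the page;
/// every other name here is an assumption made for this example.
contract PrimeIssueModel {
    struct Token {
        bool exists;
        bool isIrrevocable;
    }

    mapping(address => uint256) public stakedAt;
    mapping(address => Token) public tokens;

    /// Records when a user's stake became eligible (hypothetical helper).
    function recordStake(address user) external {
        if (stakedAt[user] == 0) stakedAt[user] = block.timestamp;
    }

    /// Behaviour as reported: only the revocable branch clears the stake record.
    function issueAsReported(bool isIrrevocable, address[] calldata users) external {
        for (uint256 i = 0; i < users.length; i++) {
            tokens[users[i]] = Token(true, isIrrevocable);
            if (!isIrrevocable) {
                delete stakedAt[users[i]];
            }
            // Irrevocable branch: stakedAt[users[i]] is left untouched.
        }
    }

    /// Recommended mitigation: clear the stake record on both branches.
    function issueMitigated(bool isIrrevocable, address[] calldata users) external {
        for (uint256 i = 0; i < users.length; i++) {
            tokens[users[i]] = Token(true, isIrrevocable);
            delete stakedAt[users[i]];
        }
    }

    /// Invariant probe for tests: true when a token holder still carries a
    /// stake timestamp that issuance should have consumed.
    function staleStakeRecord(address user) external view returns (bool) {
        return tokens[user].exists && stakedAt[user] != 0;
    }
}
```

In a unit test, calling `recordStake` and then `issueAsReported(true, ...)` leaves `staleStakeRecord` returning true for that user, while the same sequence through `issueMitigated` returns false.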
#0 - c4-pre-sort
2023-10-04T23:56:26Z
0xRobocop marked the issue as duplicate of #633
#1 - c4-judge
2023-11-01T02:22:40Z
fatherGoose1 marked the issue as satisfactory