Tigris Trade contest - csanuragjain's results

A multi-chain decentralized leveraged exchange featuring instant settlement and guaranteed price execution on 30+ pairs.

General Information

Platform: Code4rena

Start Date: 09/12/2022

Pot Size: $90,500 USDC

Total HM: 35

Participants: 84

Period: 7 days

Judge: GalloDaSballo

Total Solo HM: 12

Id: 192

League: ETH

Tigris Trade

Findings Distribution

Researcher Performance

Rank: 63/84

Findings: 1

Award: $40.75

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Labels

bug
3 (High Risk)
partial-25
upgraded by judge
duplicate-23

Awards

40.7491 USDC - $40.75

External Links

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Lock.sol#L84

Vulnerability details

Impact

As confirmed by the Product team, the totalLocked variable is used in the UI to show stats to users. When a lock is extended, this value is not updated, so the UI will show a lower locked amount than the actual one. All incentive calculations based on the locked amount would also be incorrect, which in turn affects investors' interest in locking their funds.

Proof of Concept

  1. Observe the extendLock function:

```solidity
function extendLock(uint _id, uint _amount, uint _period) public {
    address _asset = claim(_id);
    IERC20(_asset).transferFrom(msg.sender, address(this), _amount);
    bondNFT.extendLock(_id, _asset, _amount, _period, msg.sender);
}
```

  2. As the snippet shows, totalLocked[_asset] is not updated even though the lock is extended by _amount, and bondNFT.extendLock does not update it either. totalLocked[_asset] will therefore show a lower value than the amount actually locked.

Revise the extendLock function as below:

```solidity
function extendLock(uint _id, uint _amount, uint _period) public {
    address _asset = claim(_id);
    totalLocked[_asset] += _amount; // credit the extension amount
    IERC20(_asset).transferFrom(msg.sender, address(this), _amount);
    bondNFT.extendLock(_id, _asset, _amount, _period, msg.sender);
}
```
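The drift described above, as an added example that is not code from the Tigris Trade repository: a Python model of the Lock bookkeeping with the buggy and the fixed extendLock side by side, plus the invariant (totalLocked equals the tokens the contract holds, which equals the sum of bond amounts) that a fuzz test or monitor would assert to catch this class of bug. It assumes, as the finding implies, that lock() credits totalLocked and that transferred tokens stay in the contract.

```python
# Added example: Python model of Lock.sol's totalLocked accounting, not the
# project's own code. Asset names and amounts below are constructed.
from dataclasses import dataclass, field


@dataclass
class LockModel:
    fixed: bool                      # True = extendLock also credits totalLocked
    total_locked: dict = field(default_factory=dict)  # totalLocked[asset]
    balance: dict = field(default_factory=dict)       # tokens held by Lock
    bonds: dict = field(default_factory=dict)         # bond id -> (asset, amount)
    next_id: int = 0

    def lock(self, asset: str, amount: int) -> int:
        """Mirror of lock(): pull tokens in and credit totalLocked (assumed)."""
        self.balance[asset] = self.balance.get(asset, 0) + amount
        self.total_locked[asset] = self.total_locked.get(asset, 0) + amount
        bond_id = self.next_id
        self.bonds[bond_id] = (asset, amount)
        self.next_id += 1
        return bond_id

    def extend_lock(self, bond_id: int, amount: int) -> None:
        """Mirror of extendLock(): tokens are pulled in and the bond grows,
        but only the fixed variant credits totalLocked (the missing line)."""
        asset, current = self.bonds[bond_id]
        if self.fixed:
            self.total_locked[asset] += amount   # the proposed one-line fix
        self.balance[asset] += amount            # transferFrom always happens
        self.bonds[bond_id] = (asset, current + amount)

    def invariant_holds(self, asset: str) -> bool:
        """totalLocked[asset] == contract balance == sum of bonds in asset."""
        bond_sum = sum(a for s, a in self.bonds.values() if s == asset)
        return (self.total_locked.get(asset, 0)
                == self.balance.get(asset, 0) == bond_sum)


def drift_after_extend(fixed: bool) -> int:
    """Tokens held minus totalLocked after one lock and one extension."""
    m = LockModel(fixed=fixed)
    bond = m.lock("tigUSD", 1_000)   # constructed sample asset/amount
    m.extend_lock(bond, 500)
    return m.balance["tigUSD"] - m.total_locked["tigUSD"]
```

With the unpatched logic the model reports 500 tokens held that totalLocked does not account for; with the fix the drift is zero and the invariant holds.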

#0 - c4-judge

2022-12-22T01:59:02Z

GalloDaSballo marked the issue as duplicate of #264

#1 - c4-judge

2023-01-16T09:48:13Z

GalloDaSballo marked the issue as partial-25

#2 - c4-judge

2023-01-16T09:48:24Z

GalloDaSballo marked the issue as duplicate of #23

#3 - c4-judge

2023-01-23T09:21:25Z

GalloDaSballo changed the severity to 3 (High Risk)
