Platform: Code4rena
Start Date: 11/12/2023
Pot Size: $90,500 USDC
Total HM: 29
Participants: 127
Period: 17 days
Judge: TrungOre
Total Solo HM: 4
Id: 310
League: ETH
Rank: 125/127
Findings: 1
Award: $3.05
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: JCN
Also found by: 0xadrii, 0xaltego, 0xdice91, 0xivas, 0xpiken, Akali, AlexCzm, Chinmay, DanielArmstrong, HighDuty, Infect3d, Inference, KupiaSec, PENGUN, SECURITISE, Stormreckson, SweetDream, TheSchnilch, Timeless, Varun_05, XDZIBECX, alexzoid, asui, beber89, btk, carrotsmuggler, cats, cccz, developerjordy, ether_sky, grearlake, imare, jasonxiale, kaden, klau5, santipu_, serial-coder, sl1, smiling_heretic, stackachu, wangxx2026, whitehat-boys
3.0466 USDC - $3.05
When gaugeLoss is set previously in a term the block.timestamp is set as lastGaugeLoss for the term. When a user starts staking in a term that is previously set as lastGaugeLoss the userStake.lastGaugeLoss will have this timestamp. When a user unstakes this entry, it will still be marked as slashed, because it is not checked against the userStake entry. Resulting in lost of funds.
userStake.lastGaugeLoss is set to block.timestamp the term is marked as lossgetRewards method checks when Term gauge loss is applied
userStake.lastGaugeLoss is not yet defined. This happens at line 243.Foundry
To check the lastGaugeLoss against the UserStake, define userStake above the if statement
lastGaugeLoss = GuildToken(guild).lastGaugeLoss(term); + userStake = _stakes[user][term]; if (lastGaugeLoss > uint256(userStake.lastGaugeLoss)) { slashed = true; } -userStake = _stakes[user][term];
Error
#0 - c4-pre-sort
2023-12-29T15:12:54Z
0xSorryNotSorry marked the issue as sufficient quality report
#1 - c4-pre-sort
2023-12-29T15:13:07Z
0xSorryNotSorry marked the issue as duplicate of #1164
#2 - c4-judge
2024-01-28T20:12:30Z
Trumpero marked the issue as satisfactory
#3 - c4-judge
2024-01-31T13:46:45Z
Trumpero changed the severity to 3 (High Risk)