Platform: Code4rena
Start Date: 09/12/2022
Pot Size: $90,500 USDC
Total HM: 35
Participants: 84
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 12
Id: 192
League: ETH
Rank: 46/84
Findings: 1
Award: $163.00
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: HollaDieWaldfee
Also found by: 0xbepresent, 0xsomeone, Ruhum, ali_shehab, cccz, csanuragjain, kaliberpoziomka8552, rvierdiiev, sha256yan
162.9965 USDC - $163.00
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Lock.sol#L84-L92
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Lock.sol#L73
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Lock.sol#L103
Extending lock will block users' funds.
Contract: Lock.sol
Locking tokens with function lock(...) will update mapping totalLocked for the given asset with the value of amount, here: totalLocked[_asset] += _amount. However, when extending a lock with function extendLock(...) the mapping totalLocked is not updated. This blocks user funds, since to release tokens with the release(...) function, the released amount is subtracted in mapping totalLocked. This makes every amount passed in extendLock(...) impossible to release.
This may also allow a malicious user to block other users' funds by locking tokens, extending the lock with a large amount and then releasing - other users will not be able to release their funds.
Manual review.
Consider updating mapping totalLocked on extending lock.
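The accounting mismatch described above, as an added example that is not part of the original submission and is not the project's Solidity code: a simplified single-asset Python model with an invariant check a test suite could assert after every state change. The bond bookkeeping, the class and function names, and the assumption that the subtraction in release(...) reverts on underflow (checked arithmetic) are illustrative.

```python
class Underflow(Exception):
    """Stands in for the revert of a checked uint subtraction (assumption)."""


class LockModel:
    """Simplified model of the totalLocked accounting for one asset."""

    def __init__(self, update_total_on_extend: bool):
        # False models the reported behaviour, True the recommended mitigation.
        self.update_total_on_extend = update_total_on_extend
        self.total_locked = 0  # stands in for totalLocked[_asset]
        self.bonds = {}        # bond id -> locked amount (hypothetical bookkeeping)
        self._next_id = 0

    def lock(self, amount: int) -> int:
        self.total_locked += amount  # totalLocked[_asset] += _amount
        self._next_id += 1
        self.bonds[self._next_id] = amount
        return self._next_id

    def extend_lock(self, bond_id: int, amount: int) -> None:
        self.bonds[bond_id] += amount
        if self.update_total_on_extend:
            self.total_locked += amount

    def release(self, bond_id: int) -> int:
        amount = self.bonds[bond_id]
        if amount > self.total_locked:  # checked subtraction would revert here
            raise Underflow(f"bond {bond_id}: {amount} > {self.total_locked}")
        self.total_locked -= amount
        del self.bonds[bond_id]
        return amount

    def invariant_holds(self) -> bool:
        """totalLocked must equal the sum of all outstanding bond amounts."""
        return self.total_locked == sum(self.bonds.values())


def run_scenario(update_total_on_extend: bool):
    """Constructed scenario: lock 100, extend by 50, then try to release."""
    model = LockModel(update_total_on_extend)
    bond = model.lock(100)
    model.extend_lock(bond, 50)
    invariant_ok = model.invariant_holds()
    try:
        released = model.release(bond)
    except Underflow:
        released = None  # funds stay locked
    return invariant_ok, released


if __name__ == "__main__":
    print("reported behaviour:", run_scenario(False))
    print("with mitigation:   ", run_scenario(True))
```

The invariant fails immediately after extend_lock in the reported configuration, so a test asserting it would flag the problem before any release is attempted.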
#0 - c4-judge
2022-12-21T15:02:32Z
GalloDaSballo marked the issue as duplicate of #23
#1 - c4-judge
2023-01-22T17:38:05Z
GalloDaSballo marked the issue as satisfactory