Lybra Finance - ke1caM's results

A protocol building the first interest-bearing omnichain stablecoin backed by LSD.

General Information

Platform: Code4rena

Start Date: 23/06/2023

Pot Size: $60,500 USDC

Total HM: 31

Participants: 132

Period: 10 days

Judge: 0xean

Total Solo HM: 10

Id: 254

League: ETH

Lybra Finance

Findings Distribution

Researcher Performance

Rank: 98/132

Findings: 1

Award: $29.06

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: KupiaSec

Also found by: 0xRobocop, 0xkazim, Co0nan, DedOhWale, Hama, Inspecktor, Kenshin, KupiaSec, LaScaloneta, Toshii, ke1caM, yudan

Labels

bug
2 (Med Risk)
satisfactory
duplicate-773

Awards

29.0567 USDC - $29.06

External Links

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/miner/ProtocolRewardsPool.sol#L73-L77
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/miner/esLBRBoost.sol#L37-L45
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/miner/ProtocolRewardsPool.sol#L87-L98

Vulnerability details

When a user calls the stake function in ProtocolRewardsPool.sol, the user's LBR tokens are burned and esLBR tokens are minted. However, the user's lock status is never set. The unstake function expects the user to have an unlockTime, but for an address that is not present in the mapping the stored value is zero, so esLBRBoost.getUnlockTime will return 0. The requirement for a user to convert esLBR back to LBR, as stated in the comment in the file ("The current time must be greater than the unlock time retrieved from the boost contract for the user"), will therefore always pass.

Impact

Protocol functionality (the esLBR lock period that is supposed to gate unstaking) may be skipped entirely.

Proof of Concept

setLockStatus is implemented but never used:
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/miner/esLBRBoost.sol#L37-L45

The unstake function uses esLBRBoost.getUnlockTime(msg.sender):
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/miner/ProtocolRewardsPool.sol#L87-L98

Tools Used

Manual analysis, VSCode

Recommended Mitigation Steps

Call setLockStatus from the stake function so that the user's lock status is recorded and unstake has a real unlock time to check against.
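The following is an added illustration of the finding above and of the recommended mitigation; it is a simplified model written for this page, not the Lybra contracts. The contract names, the LockStatus struct, the setLockStatus signature and the 30-day lock period are assumptions; only the zero-default behaviour of an unwritten mapping entry and the `block.timestamp > getUnlockTime` check are the points being shown.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed, simplified stand-in for the esLBRBoost lock bookkeeping (not the project's code).
contract BoostModel {
    struct LockStatus { uint256 unlockTime; }
    mapping(address => LockStatus) public userLockStatus;

    // Record a lock; never shorten an existing lock (defensive choice for this model).
    function setLockStatus(address user, uint256 lockPeriod) external {
        uint256 newUnlock = block.timestamp + lockPeriod;
        if (newUnlock > userLockStatus[user].unlockTime) {
            userLockStatus[user].unlockTime = newUnlock;
        }
    }

    // For an address that was never written, the mapping returns the zero-initialised
    // struct, so unlockTime is 0 and any "block.timestamp > unlockTime" check passes.
    function getUnlockTime(address user) external view returns (uint256) {
        return userLockStatus[user].unlockTime;
    }
}

// Assumed, simplified stand-in for ProtocolRewardsPool (not the project's code).
contract RewardsPoolModel {
    BoostModel public boost;
    mapping(address => uint256) public esLBR;      // stand-in for the esLBR balance
    uint256 public constant LOCK_PERIOD = 30 days; // assumed lock length

    constructor(BoostModel _boost) { boost = _boost; }

    // Vulnerable shape: LBR burn / esLBR mint happen, but the lock is never recorded,
    // so getUnlockTime(msg.sender) stays 0 and unstake can be called immediately.
    function stakeVulnerable(uint256 amount) external {
        esLBR[msg.sender] += amount;
    }

    // Mitigated shape: record the lock on every stake.
    function stakeFixed(uint256 amount) external {
        esLBR[msg.sender] += amount;
        boost.setLockStatus(msg.sender, LOCK_PERIOD);
    }

    // The check quoted in the finding; it only has teeth when a lock was recorded.
    function unstake(uint256 amount) external {
        require(block.timestamp > boost.getUnlockTime(msg.sender), "esLBR still locked");
        esLBR[msg.sender] -= amount;
    }
}
```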

Assessed type

Other

#0 - c4-pre-sort

2023-07-11T00:08:14Z

JeffCX marked the issue as duplicate of #838

#1 - c4-judge

2023-07-28T13:06:46Z

0xean marked the issue as duplicate of #773

#2 - c4-judge

2023-07-28T15:38:26Z

0xean marked the issue as satisfactory
