PoolTogether - lanrebayode77's results

A protocol for no-loss prize savings

General Information

Platform: Code4rena

Start Date: 07/07/2023

Pot Size: $121,650 USDC

Total HM: 36

Participants: 111

Period: 7 days

Judge: Picodes

Total Solo HM: 13

Id: 258

League: ETH

PoolTogether

Findings Distribution

Researcher Performance

Rank: 100/111

Findings: 1

Award: $15.92

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/0145eeac23301ee5338c659422dd6d69234f5d50/src/TwabController.sol#L29-L31
https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/0145eeac23301ee5338c659422dd6d69234f5d50/src/TwabController.sol#L142-L145
https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/0145eeac23301ee5338c659422dd6d69234f5d50/src/libraries/TwabLib.sol#L435-L446

Vulnerability details

Impact

PERIOD_OFFSET is used throughout the TWAB accounting, and the comment on its declaration states that it must be in the past. It must therefore never be in the future: every function that receives it as a parameter (the TwabLib period helpers linked above) produces incorrect output if it is.

Proof of Concept

The constructor performs no check that PERIOD_OFFSET is in the past, so the deployer can set it in the future:

    constructor(uint32 _periodLength, uint32 _periodOffset) {
        PERIOD_LENGTH = _periodLength;
        PERIOD_OFFSET = _periodOffset;
    }

Tools Used

Manual review.

Recommended Mitigation Steps

Derive PERIOD_OFFSET by subtracting a caller-supplied number of seconds from the current block timestamp, so that it is always in the past:

    constructor(uint32 _periodLength, uint32 _periodOffsetSeconds) {
        PERIOD_LENGTH = _periodLength;
        // block.timestamp is uint256; the explicit cast is required to assign to a uint32
        PERIOD_OFFSET = uint32(block.timestamp - _periodOffsetSeconds);
    }
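As an added illustration (this is not PoolTogether's code; the contract name, error names and the shape of the period-index helper are assumptions), the contract below shows both ways of ruling out a future offset at deployment: an absolute offset guarded by a check against block.timestamp, and the relative form from the recommendation above. The assumed periodIndexAt helper shows the failure mode a practitioner would expect: under Solidity 0.8 checked arithmetic, `timestamp - PERIOD_OFFSET` reverts whenever PERIOD_OFFSET is later than the timestamp passed in, so a future offset would make every current-timestamp call revert until the offset is reached.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// @notice Added example, not PoolTogether code. Absolute offset guarded at deployment.
contract PeriodOffsetAbsolute {
    uint32 public immutable PERIOD_LENGTH;
    uint32 public immutable PERIOD_OFFSET;

    error PeriodLengthZero();
    error PeriodOffsetInFuture(uint32 offset, uint256 blockTimestamp);

    /// @param _periodLength length of one period in seconds (must be non-zero)
    /// @param _periodOffset absolute timestamp at which the period grid starts
    constructor(uint32 _periodLength, uint32 _periodOffset) {
        if (_periodLength == 0) revert PeriodLengthZero();
        // The missing check from the finding: the offset must already be in the past.
        if (_periodOffset > block.timestamp) {
            revert PeriodOffsetInFuture(_periodOffset, block.timestamp);
        }
        PERIOD_LENGTH = _periodLength;
        PERIOD_OFFSET = _periodOffset;
    }

    /// @notice Assumed shape of a period computation (not TwabLib's exact code).
    /// With PERIOD_OFFSET > timestamp the subtraction underflows and reverts,
    /// which is why the constructor guard above matters.
    function periodIndexAt(uint32 timestamp) public view returns (uint32) {
        return (timestamp - PERIOD_OFFSET) / PERIOD_LENGTH;
    }

    function currentPeriod() external view returns (uint32) {
        return periodIndexAt(uint32(block.timestamp));
    }
}

/// @notice Added example, not PoolTogether code. Relative offset, as in the
/// recommendation: the grid is anchored a fixed number of seconds before deployment.
contract PeriodOffsetRelative {
    uint32 public immutable PERIOD_LENGTH;
    uint32 public immutable PERIOD_OFFSET;

    error PeriodLengthZero();
    error OffsetExceedsTimestamp(uint32 offsetSeconds, uint256 blockTimestamp);

    /// @param _periodLength        length of one period in seconds (must be non-zero)
    /// @param _periodOffsetSeconds how far before deployment the period grid starts
    constructor(uint32 _periodLength, uint32 _periodOffsetSeconds) {
        if (_periodLength == 0) revert PeriodLengthZero();
        // Guard the subtraction itself so a bad argument gives a clear error
        // instead of a bare arithmetic panic.
        if (_periodOffsetSeconds > block.timestamp) {
            revert OffsetExceedsTimestamp(_periodOffsetSeconds, block.timestamp);
        }
        PERIOD_LENGTH = _periodLength;
        // block.timestamp fits in uint32 until 2106; the cast is required to assign it.
        PERIOD_OFFSET = uint32(block.timestamp - _periodOffsetSeconds);
    }

    function periodIndexAt(uint32 timestamp) public view returns (uint32) {
        return (timestamp - PERIOD_OFFSET) / PERIOD_LENGTH;
    }
}
```

The absolute form keeps the period grid deterministic: two contracts deployed in different blocks with the same offset agree on period boundaries, which the relative form cannot guarantee because its offset depends on the deploying block's timestamp. If several contracts must share one grid, prefer the absolute offset plus the constructor check over the subtraction.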

Assessed type

Timing

#0 - c4-judge

2023-07-18T18:39:11Z

Picodes changed the severity to QA (Quality Assurance)

#1 - c4-judge

2023-08-08T14:31:37Z

Picodes marked the issue as grade-a

#2 - c4-judge

2023-08-08T14:31:42Z

Picodes marked the issue as grade-b
