Platform: Code4rena
Start Date: 22/05/2024
Pot Size: $20,000 USDC
Total HM: 6
Participants: 126
Period: 5 days
Judge: 0xsomeone
Total Solo HM: 1
Id: 379
League: ETH
Rank: 48/126
Findings: 2
Award: $0.02
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: SpicyMeatball
Also found by: 0rpse, 0xMosh, 0xblack_bird, 0xdice91, 0xhacksmithh, 0xleadwizard, 0xmystery, Audinarey, AvantGard, Bigsam, Dots, EPSec, Eeyore, Janio, Limbooo, LinKenji, Mahmud, MrPotatoMagic, Myd, Oxsadeeq, Sabit, SovaSlava, Stefanov, Tychai0s, Utsav, Varun_05, Walter, adam-idarrha, ahmedaghadi, araj, aslanbek, ayden, bigtone, c0pp3rscr3w3r, carrotsmuggler, crypticdefense, dhank, fyamf, gajiknownnothing, gavfu, itsabinashb, jasonxiale, joaovwfreire, ke1caM, leegh, merlinboii, mitko1111, n4nika, pfapostol, prapandey031, rouhsamad, sandy, snakeeaterr, stakog, steadyman, swizz, tedox, th3l1ghtd3m0n, trachev, turvy_fuzz, xyz, yashgoel72, zhaojohnson
0.0105 USDC - $0.01
https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L245-L272
https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L381-L385
When we call LockManager::setLockDuration() to set the lock duration for a player's tokens, there is a check that we are not setting the lock time before the current unlock time. Despite that, the lock time can be before the current unlock time, because when we update the current unlock time we use the last lock time timestamp instead of block.timestamp.
Here is an example with just numbers:
We are locking a token and setting the last lock time equal to 10 (it is not a time, just a number for the example).
Last lock time = 10, unlock time = 50
We are calling setLockDuration(duration = 35)
Current time = 20
In the check we have 35 + 20 = 55 > 50 => we don't set the lock time before the current unlock time, but when we set the new unlock time we have:
10 + 35 = 45 => new unlock time is 45 < 50
Manual review
lockedTokens[msg.sender][tokenContract].unlockTime = block.timestamp + uint32(_duration);
Error
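The numeric walk-through above, generalized as an added example (not part of the submission and not the LockManager source): a Python model of the guard and the unlock-time update as the finding describes them, with a search for every `(now, duration)` pair that passes the guard yet shortens the lock. The names `Lock`, `set_lock_duration` and `find_reductions` are hypothetical, and `fixed=True` applies the recommended `block.timestamp` base.

```python
from dataclasses import dataclass


class LockDurationReduced(Exception):
    """Guard failure: now + duration falls before the current unlock time."""


@dataclass
class Lock:
    last_lock_time: int
    unlock_time: int


def set_lock_duration(lock, now, duration, fixed=False):
    """Model of the update; `now` stands in for block.timestamp (assumption)."""
    # The guard compares against the current time.
    if now + duration < lock.unlock_time:
        raise LockDurationReduced()
    # Reported behaviour anchors the new unlock time at last_lock_time;
    # the recommended mitigation anchors it at the current time instead.
    base = now if fixed else lock.last_lock_time
    lock.unlock_time = base + duration
    return lock.unlock_time


def find_reductions(last_lock_time, unlock_time, max_now, max_duration, fixed):
    """Return (now, duration, new_unlock) triples that pass the guard but
    leave the unlock time earlier than it was, i.e. invariant violations."""
    hits = []
    for now in range(last_lock_time, max_now + 1):
        for duration in range(max_duration + 1):
            lock = Lock(last_lock_time, unlock_time)
            try:
                new_unlock = set_lock_duration(lock, now, duration, fixed)
            except LockDurationReduced:
                continue
            if new_unlock < unlock_time:
                hits.append((now, duration, new_unlock))
    return hits


if __name__ == "__main__":
    # Constructed values taken from the finding's example: 10, 50, 20, 35.
    print(set_lock_duration(Lock(10, 50), now=20, duration=35))
    print(len(find_reductions(10, 50, 49, 40, fixed=False)), "violations (reported)")
    print(len(find_reductions(10, 50, 49, 40, fixed=True)), "violations (mitigated)")
```
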
#0 - 0xinsanity
2024-05-30T22:52:47Z
#1 - CloudEllie
2024-05-31T16:55:05Z
Changing primary to #89 per Validators' recommendation
#2 - c4-judge
2024-06-05T12:52:22Z
alex-ppg marked the issue as partial-75
🌟 Selected for report: robertodf99
Also found by: 0xAadi, 0xAkira, 0xdice91, 0xhacksmithh, 0xleadwizard, AgileJune, Bauchibred, Bbash, Beosin, Bigsam, Dots, EPSec, EaglesSecurity, Eeyore, Evo, John_Femi, Mahmud, MrPotatoMagic, RotiTelur, Rushkov_Boyan, Sabit, Sentryx, Stormreckson, Topmark, Tychai0s, Utsav, Walter, ZanyBonzy, ZdravkoHr, adam-idarrha, araj, aslanbek, avoloder, bigtone, brevis, brgltd, carrotsmuggler, crypticdefense, dd0x7e8, dhank, djanerch, falconhoof, iamandreiski, joaovwfreire, leegh, merlinboii, mitko1111, pamprikrumplikas, pfapostol, prapandey031, swizz, trachev, twcctop, typicalHuman, unique, xyz
0.0148 USDC - $0.01
If a role approves a USD price proposal and then tries to disapprove it, an exception will be thrown. However, if a user first disapproves a proposal, they are still allowed to approve it afterward. This means a proposal can be approved and disapproved at the same time by the same role.
Add a check in approveUSDPrice() for whether a role has already disapproved the proposal.
Invalid Validation
#0 - c4-judge
2024-06-05T12:42:47Z
alex-ppg marked the issue as satisfactory