Platform: Code4rena
Start Date: 08/03/2023
Pot Size: $60,500 USDC
Total HM: 2
Participants: 123
Period: 7 days
Judge: hansfriese
Id: 220
League: ETH
Rank: 107/123
Findings: 1
Award: $29.67
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xSmartContract
Also found by: 0x1f8b, 0x6980, 0xAgro, 0xSolus, 0xhacksmithh, 0xkazim, ABA, BPZ, BowTiedOriole, ChainReview, DadeKuma, DeFiHackLabs, Deathstore, DevABDee, Diana, Dravee, Dug, Englave, Go-Langer, Haipls, IceBear, Inspex, Jeiwan, Kek, Kresh, Madalad, MatricksDeCoder, MyFDsYours, RaymondFam, Rolezn, SAAJ, Sathish9098, Taloner, Udsen, Viktor_Cortess, atharvasama, ayden, brgltd, btk, carlitox477, catellatech, chaduke, codeislight, deadrxsezzz, descharre, erictee, fatherOfBlocks, favelanky, glcanvas, handsomegiraffe, jasonxiale, jekapi, joestakey, lemonr, luxartvinsec, martin, matrix_0wl, minhquanym, mrpathfindr, nadin, oyc_109, parsely, peanuts, pfedprog, rbserver, rokso, saian, santipu_, scokaf, slvDev, tsvetanovv, ubl4nk, ulqiorra, yamapyblack, zaskoh
29.6697 USDC - $29.67
_asssetType in stake and withdraw functionhttps://github.com/code-423n4/2023-03-neotokyo/blob/main/contracts/staking/NeoTokyoStaker.sol#L1204-L1207 https://github.com/code-423n4/2023-03-neotokyo/blob/main/contracts/staking/NeoTokyoStaker.sol#L1664-L1670
In the stake function there is a check to enforce the _assetType argument provided by the user to be less than 4. This check is actually wrong and should enforce _assetType to be less than 3 because there's only 4 types of asset so the last type will be index 3.
This causes that if a user provides an _assetType of 4 the check passes but it should revert because there's no asset with index 4.
This same issue also happens in the withdraw function, where the check enforces _assetType to be 0, 1, 3 or 4. An _assetType of value 4 should revert because there's no assset with index 4.
This issue doesn't affect the core functionality of the functions mentioned but it makes the code work not as intended.
// Validate that the asset being staked is of a valid type. if (uint8(_assetType) > 4) { revert InvalidAssetType(uint256(_assetType)); }
/* Validate that the asset being withdrawn is of a valid type. BYTES may not be withdrawn independently of the Citizen that they are staked into. */ if (uint8(_assetType) == 2 || uint8(_assetType) > 4) { revert InvalidAssetType(uint256(_assetType)); }
stake functionIn the stake function there's a redundant check that it's never going to revert. The code is the following:
// Validate that the asset being staked matches an active pool. if (_pools[_assetType].rewardWindows[0].startTime >= block.timestamp) { revert InactivePool(uint256(_assetType)); }
As the core dev of Neo Tokyo stated in the Discord:
"On reward windows: When we deploy, each asset pool array of reward windows will be guaranteed to have as its first element a reward window configured with a starting time of 0, as in the test cases."
https://discord.com/channels/810916927919620096/1083447614508384377/1084308890704945174
Following this statement, the check will never revert because _pools[_assetType].rewardWindows[0].startTime will always be zero so it can never be greater or equal than block.timestamp.
The check should be removed from the code to improve readability, reduce code size and avoid confusions.
#0 - c4-judge
2023-03-17T03:10:55Z
hansfriese marked the issue as grade-c
#1 - c4-judge
2023-03-24T14:45:51Z
hansfriese marked the issue as grade-b