Platform: Code4rena
Start Date: 09/12/2022
Pot Size: $90,500 USDC
Total HM: 35
Participants: 84
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 12
Id: 192
League: ETH
Rank: 45/84
Findings: 1
Award: $163.00
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: HollaDieWaldfee
Also found by: 0xbepresent, 0xsomeone, Ruhum, ali_shehab, cccz, csanuragjain, kaliberpoziomka8552, rvierdiiev, sha256yan
162.9965 USDC - $163.00
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Lock.sol#L89-L91 https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Lock.sol#L103
Users depositing tig assets to the bondNFT through the Lock contract could find themselves unable to release their funds. The only explanation the user would receive is an "Arithmetic over/underflow" error. This issue greatly deteriorates the user experience and usability of the platform.
Issue arises from the Lock-extendLock function not updating the totalLocked value for that particular tig asset. source This leads to Lock-release underflowing when the user tries to release their funds after the duration of the lock has passed. source
Foundry project directory which includes the failing test: https://github.com/sha256yan/tig Failing test is located in test/Lock.t.sol permalink
Foundry-rs
Remove the totalLocked mapping all-together, or keep it and update it in extendLock().
#0 - c4-judge
2022-12-21T15:02:29Z
GalloDaSballo marked the issue as duplicate of #23
#1 - c4-judge
2023-01-22T17:38:04Z
GalloDaSballo marked the issue as satisfactory