Olas - trachev's results

Lines of code

https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Tokenomics.sol#L1138-L1142

Vulnerability details

Impact

In the accountOwnerIncentives function of Tokenomics.sol pending rewards are only finalized if lastEpoch < curEpoch. Furthermore, through the checkpoint function, the current epoch cannot be updated if diffNumSeconds < curEpochLen || diffNumSeconds > ONE_YEAR. Therefore, in the edge case that checkpoint has not been called for a year, all of the donations from the last epoch will be lost as the if check in accountOwnerIncentives, responsible for finalizing pending donations, will always return false. As the chances of this happening are low but the impact would be high, due to the loss of funds, I have decided to mark this issue with medium severity.

Proof of Concept

Here we can see that _finalizeIncentivesForUnitId will only get called if the epoch has been updated:

if (lastEpoch > 0 && lastEpoch < curEpoch) {
   _finalizeIncentivesForUnitId(lastEpoch, unitTypes[i], unitIds[i]);
   // Change the last epoch number
   mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch = 0;
}

Tools Used

Manual review

Recommended Mitigation Steps

Implement a recovery mechanism in accountOwnerIncentives that checks if the difference of seconds since the last epoch is more than one year. In that case, a call to _finalizeIncentivesForUnitId` should also be made.

Assessed type

Other