Platform: Code4rena
Start Date: 13/12/2022
Pot Size: $36,500 USDC
Total HM: 5
Participants: 77
Period: 3 days
Judge: gzeon
Total Solo HM: 1
Id: 191
League: ETH
Rank: 25/77
Findings: 1
Award: $110.27
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Trust
Also found by: Apocalypto, Madalad, Matin, aga7hokakological, evan, kaliberpoziomka8552, mookimgo, poirots, subtle77, wagmi, yixxas
110.2711 USDC - $110.27
This breaks the protocol invariant of
REDRAW_TIMELOCK_NEEDS_TO_BE_LESS_THAN_A_MONTH()revert RECOVER_TIMELOCK_NEEDS_TO_BE_LESS_THAN_A_YEAR()We can set redraw timelock to 7 months
We can set recover timelock to 7 years. This is extremely unnecessary.
MONTH_IN_SECONDS is currently implemented this way uint256 immutable MONTH_IN_SECONDS = (3600 * 24 * 7) * 30
We are multiplying number of seconds in a week by 30, instead of multiplying number of seconds in a day by 30. This lead to an over computation of 7 times.
The affected part of the protocols are as mentioned above as they relies on the value of MONTH_IN_SECONDS.
Manual Review
Correct calculation should be
uint256 immutable MONTH_IN_SECONDS = (3600 * 24) * 30
#0 - c4-judge
2022-12-17T12:53:36Z
gzeon-c4 marked the issue as duplicate of #273
#1 - c4-judge
2022-12-17T12:53:59Z
gzeon-c4 marked the issue as satisfactory