Handle

broccoli

Vulnerability details

Impact

The claimReward function of ConcentratedLiquidityPoolManager calculates the secondsUnclaimed variable using a formula with an unclear intention:

uint256 secondsUnclaimed = (maxTime - incentive.startTime) << (128 - incentive.secondsClaimed);

This formula causes an integer underflow error when incentive.secondsClaimed is greater than 128, which generally happens in most cases since incentive.secondsClaimed is scaled by a factor of 1 << 128. The integer underflow reverts the transaction and prevents anyone from claiming the reward.

Proof of Concept

Referenced code:
ConcentratedLiquidityPoolManager.sol#L93
ConcentratedLiquidityPoolManager.sol#L110

Recommended Mitigation Steps

Fix the calculation of secondsUnclaimed.

The text was updated successfully, but these errors were encountered:

All reactions