Code4rena: CODE423N4:2021-10-COVALENT-FINDINGS-ISSUES-15
Oct 19, 2021 - 12:00 a.m.

Unable to redeem remaining funds if the deposited reward is not a multiple of allocatedTokensPerEpoch


Handle

xYrYuYx

Vulnerability details

Impact

The owner can deposit any reward amount as long as it is greater than allocatedTokensPerEpoch.
This means the owner can send an amount that is not a multiple of allocatedTokensPerEpoch.
For example, when allocatedTokensPerEpoch is 1 CQT, the owner can deposit 5.5 CQT.
In this case 5 CQT can be redeemed over 5 epochs, but 0.5 CQT will be locked in the contract forever.

Proof of Concept

This is my test script to prove that.

The reason is that Solidity division works only on uint, so if the result has decimals, they are rounded off.
<https://github.com/code-423n4/2021-10-covalent/blob/main/contracts/DelegatedStaking.sol#L93>

Tools Used

Hardhat test

Recommended Mitigation Steps

Transfer the exact amount from the owner.
Line 96 can be changed to transferToContract(msg.sender, newEpoch * allocatedTokensPerEpoch);
Here newEpoch is amount / allocatedTokensPerEpoch.
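
The accounting described under Impact and the recommended mitigation can be compared in a small model. This is an added example, not the DelegatedStaking.sol source or the reporter's Hardhat script; the class, its fields, and the 18-decimal CQT unit are assumptions, and only allocatedTokensPerEpoch, newEpoch and amount come from the finding.

```javascript
// Simplified model of the reward deposit accounting (added example, not the
// contract's code). BigInt division truncates like Solidity's uint division.
// RewardPoolModel, fundedEpochs and lockedAfter are hypothetical names.
const CQT = 10n ** 18n; // assumption: token uses 18 decimals

class RewardPoolModel {
  constructor(allocatedTokensPerEpoch) {
    this.allocatedTokensPerEpoch = allocatedTokensPerEpoch;
    this.balance = 0n;      // reward tokens held by the contract
    this.fundedEpochs = 0n; // epochs that will pay out rewards
  }

  // exact = false: pull the full amount (behaviour described in the finding).
  // exact = true:  pull only newEpoch * allocatedTokensPerEpoch (the mitigation).
  deposit(amount, exact) {
    // The finding states the amount must be greater than allocatedTokensPerEpoch.
    if (amount <= this.allocatedTokensPerEpoch) throw new Error("amount too small");
    const newEpoch = amount / this.allocatedTokensPerEpoch; // truncating division
    const pulled = exact ? newEpoch * this.allocatedTokensPerEpoch : amount;
    this.balance += pulled;
    this.fundedEpochs += newEpoch;
    return pulled; // what actually leaves the owner's wallet
  }

  // Pay out every funded epoch; whatever is left can never be distributed.
  drainAllEpochs() {
    while (this.fundedEpochs > 0n) {
      this.balance -= this.allocatedTokensPerEpoch;
      this.fundedEpochs -= 1n;
    }
    return this.balance;
  }
}

// Tokens still stuck in the contract after all funded epochs have paid out.
function lockedAfter(amount, perEpoch, exact) {
  const pool = new RewardPoolModel(perEpoch);
  pool.deposit(amount, exact);
  return pool.drainAllEpochs();
}

const sampleDeposit = (55n * CQT) / 10n; // 5.5 CQT, the finding's example
console.log("locked with full transfer: ", lockedAfter(sampleDeposit, CQT, false));
console.log("locked with exact transfer:", lockedAfter(sampleDeposit, CQT, true));
```
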

