Pledge creator can extend pledge without paying in edge cases.
When a pledge creator wants to extend a pledge, they must transfer an additional reward amount and fee:
uint256 totalRewardAmount = (pledgeParams.rewardPerVote * pledgeParams.votesDifference * addedDuration) / UNIT;
uint256 feeAmount = (totalRewardAmount * protocalFeeRatio) / MAX_PCT ;
However, since totalRewardAmount is calculated using integer division, totalRewardAmount (and feeAmount) could be 0 in edge cases
where pledgeParams.rewardPerVote * pledgeParams.votesDifference * addedDuration < UNIT.
The function then goes ahead and transfers totalRewardAmount and feeAmount to the WardenPledge contract and chestAddress, and also increases the pledge duration, without checking whether totalRewardAmount or feeAmount is greater than 0:
if(totalRewardAmount > maxTotalRewardAmount) revert Errors.IncorrectMaxTotalRewardAmount();
if(feeAmount > maxFeeAmount) revert Errors.IncorrectMaxFeeAmount();
// Pull all the rewards in this contract
IERC20(pledgeParams.rewardToken).safeTransferFrom(creator, address(this), totalRewardAmount);
// And transfer the fees from the Pledge creator to the Chest contract
IERC20(pledgeParams.rewardToken).safeTransferFrom(creator, chestAddress, feeAmount);
// Update the Pledge parameters in storage
pledgeParams.endTimestamp = safe64(newEndTimestamp);
pledgeAvailableRewardAmounts[pledgeId] += totalRewardAmount;
Since many ERC20 tokens do not revert when a user tries to send a 0 amount, this means a user can extend their pledge without actually transferring
the reward amount and fee to the WardenPledge contract.
Manual review.
I recommend checking that totalRewardAmount and feeAmount are greater than 0 before transferring the reward amount and fee.
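The truncation described above can be reproduced off-chain. The following Python model is an added example, not code from the report or from the WardenPledge contract: it computes the two quoted formulas, the longest extension that still costs nothing, and a guard equivalent to the recommended check. The values of UNIT and MAX_PCT, the fee ratio of 250 and the sample parameters are assumptions, and the function names are hypothetical.

```python
# Added example: models the extendPledge arithmetic quoted above.
# Python's // on non-negative ints truncates like Solidity's uint256 division.
UNIT = 10**18     # assumed value; the report only names the constant
MAX_PCT = 10_000  # assumed value; the report only names the constant


def extension_cost(reward_per_vote, votes_difference, added_duration, fee_ratio):
    """Return (totalRewardAmount, feeAmount) as the quoted formulas compute them."""
    total = (reward_per_vote * votes_difference * added_duration) // UNIT
    fee = (total * fee_ratio) // MAX_PCT
    return total, fee


def max_free_duration(reward_per_vote, votes_difference):
    """Largest addedDuration for which totalRewardAmount truncates to 0.

    Returns None when the product is 0, since every duration is then free.
    """
    per_second = reward_per_vote * votes_difference
    if per_second == 0:
        return None
    return (UNIT - 1) // per_second


def checked_extension_cost(reward_per_vote, votes_difference, added_duration, fee_ratio):
    """Hypothetical guard mirroring the recommendation: reject zero amounts."""
    total, fee = extension_cost(reward_per_vote, votes_difference, added_duration, fee_ratio)
    if total == 0 or fee == 0:
        raise ValueError(f"zero-value extension: total={total}, fee={fee}")
    return total, fee


if __name__ == "__main__":
    # Constructed sample parameters, not taken from any real pledge.
    rpv, votes, ratio = 10**6, 10**9, 250
    limit = max_free_duration(rpv, votes)
    for duration in (limit, limit + 1, 40_000):
        print(duration, extension_cost(rpv, votes, duration, ratio))
```

With these constructed inputs the fee still rounds to 0 after the reward itself becomes non-zero, which is why the guard tests both amounts.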