Code4rena (code423n4) CODE423N4:2022-10-PALADIN-FINDINGS-ISSUES-75
Oct 29, 2022 - 12:00 a.m.

_pledge function has mathematical calculation error

github.com

Lines of code

Vulnerability details

Impact

The mathematical formula is incorrect, which will lead to protocol insolvency.

Proof of Concept

The original code is:

uint256 slope = amount / boostDuration;
uint256 bias = slope * boostDuration;

// Rewards are set in the Pledge as reward/veToken/sec
// To find the total amount of veToken delegated through the whole Boost duration
// based on the Boost bias & the Boost duration, to take in account that the delegated amount decreases
// each second of the Boost duration
uint256 totalDelegatedAmount = ((bias * boostDuration) + bias) / 2;

But according to the name of the variable and the code context, the bias should be amount - slope * boostDuration rather than slope * boostDuration; the latter is nonsense.

On top of that, totalDelegatedAmount shouldn't be ((bias * boostDuration) + bias) / 2; it should be ((slope * boostDuration) + bias) / 2.

Tools Used

Recommended Mitigation Steps

Fix the code as previously mentioned.
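
The arithmetic in this report can be checked numerically. The Python sketch below is an added example, not code from the report or from the Paladin contracts: it evaluates the quoted expressions and the report's proposed ones with truncating integer division, next to a per-second sum. It assumes the delegated balance starts at slope * boostDuration and falls by slope each second (a reading of the quoted code comment); all function names and sample values are constructed.

```python
"""Compare the two totalDelegatedAmount formulas with a per-second sum.

Python ints with // stand in for Solidity uint256 division (both truncate
for non-negative values). All function names here are hypothetical.
"""


def original_formula(amount: int, boost_duration: int) -> tuple[int, int, int]:
    """Expressions as quoted from _pledge in the report."""
    slope = amount // boost_duration
    bias = slope * boost_duration
    total = ((bias * boost_duration) + bias) // 2
    return slope, bias, total


def report_formula(amount: int, boost_duration: int) -> tuple[int, int, int]:
    """Expressions as proposed in the report."""
    slope = amount // boost_duration
    bias = amount - slope * boost_duration
    total = ((slope * boost_duration) + bias) // 2
    return slope, bias, total


def per_second_sum(amount: int, boost_duration: int) -> int:
    """Assumed model: balance starts at slope * boost_duration and drops by
    slope every second, so second t contributes start - slope * t."""
    slope = amount // boost_duration
    start = slope * boost_duration
    return sum(start - slope * t for t in range(boost_duration))


def compare(amount: int, boost_duration: int) -> dict[str, int]:
    """Return all three totals side by side for one set of inputs."""
    return {
        "original_total": original_formula(amount, boost_duration)[2],
        "report_total": report_formula(amount, boost_duration)[2],
        "per_second_sum": per_second_sum(amount, boost_duration),
    }


if __name__ == "__main__":
    # Constructed inputs: 1000 tokens (18 decimals) over 7 days, and a tiny case.
    for amount, duration in [(1000 * 10**18, 7 * 86400), (1000, 7)]:
        print(amount, duration, compare(amount, duration))
```

For the constructed input (1000, 7), the quoted expression and the per-second sum under the assumed model both give 3976, while the proposed expression gives 500, which is amount // 2.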

