Lines of code
<https://github.com/code-423n4/2022-12-escher/blob/5d8be6aa0e8634fdb2f328b99076b0d05fefab73/src/minters/LPDAFactory.sol#L29-L42>
LPDA sales can start reverting in buy() and refund() at some point in time if they are initialized with incorrect parameters (the revert happens in getPrice()).
Users might not be able to withdraw their excess balance using refund() if getPrice() reverts.
Users will not be able to buy if getPrice() reverts.
getPrice() will revert if startPrice is less than dropPerSecond * (endTime - startTime), because the subtraction in its return statement underflows once dropPerSecond * timeElapsed exceeds startPrice.
file: src/minters/LPDA.sol
startPrice = 100
dropPerSecond = 10
endTime = 100
startTime = 0
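// getPrice() is used in buy() and refund()
function getPrice() public view returns (uint256) {
    Sale memory temp = sale;
    (uint256 start, uint256 end) = (temp.startTime, temp.endTime);
    // Before the sale starts, the price is effectively unreachable
    if (block.timestamp < start) return type(uint256).max;
    // Once sold out, the price is fixed at finalPrice
    if (temp.currentId == temp.finalId) return temp.finalPrice;
    // Elapsed time is capped at the sale duration
    uint256 timeElapsed = end > block.timestamp ? block.timestamp - start : end - start;
    // Reverts on underflow when dropPerSecond * timeElapsed > startPrice
    return temp.startPrice - (temp.dropPerSecond * timeElapsed);
}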
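The arithmetic above can be checked with a small Python model, added here as an illustration and not part of the Escher code or the original report. `checked_sub`, `Panic` and the helper names are assumptions of this sketch, and the `Sale` fields other than the four values given in the report are constructed.

```python
from dataclasses import dataclass

UINT256_MAX = 2**256 - 1

class Panic(Exception):
    """Models the revert raised by checked uint256 arithmetic (assumed Solidity >= 0.8)."""

def checked_sub(a, b):
    if b > a:
        raise Panic("arithmetic underflow")
    return a - b

@dataclass
class Sale:
    start_price: int
    drop_per_second: int
    start_time: int
    end_time: int
    current_id: int = 0    # constructed: sale not sold out
    final_id: int = 10     # constructed
    final_price: int = 0   # constructed

def get_price(sale, now):
    """Port of getPrice() from the report; `now` plays the role of block.timestamp."""
    if now < sale.start_time:
        return UINT256_MAX
    if sale.current_id == sale.final_id:
        return sale.final_price
    elapsed = (now if sale.end_time > now else sale.end_time) - sale.start_time
    return checked_sub(sale.start_price, sale.drop_per_second * elapsed)

def first_reverting_timestamp(sale):
    """Earliest timestamp in [start_time, end_time] where get_price reverts, else None."""
    for now in range(sale.start_time, sale.end_time + 1):
        try:
            get_price(sale, now)
        except Panic:
            return now
    return None

def params_are_safe(sale):
    """Negation of the revert condition stated in the report."""
    return sale.start_price >= sale.drop_per_second * (sale.end_time - sale.start_time)

# Parameters from the report: 10 * (100 - 0) = 1000 > 100.
REPORT_SALE = Sale(start_price=100, drop_per_second=10, start_time=0, end_time=100)
# Constructed counter-example: same schedule, start price raised to the minimum safe value.
SAFE_SALE = Sale(start_price=1000, drop_per_second=10, start_time=0, end_time=100)
```

With the report's parameters the model first reverts at timestamp 11 and keeps reverting after endTime, since timeElapsed is then pinned at endTime - startTime.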
Add require(sale.startPrice >= sale.dropPerSecond * (sale.endTime - sale.startTime)); after the existing require statements in createLPDASale():
file: src/minters/LPDAFactory.sol
function createLPDASale(LPDA.Sale calldata sale) external returns (address clone) {
...
require(sale.dropPerSecond > 0, "INVALID DROP PER SECOND");
+ require(sale.startPrice >= sale.dropPerSecond * (sale.endTime - sale.startTime), "Incorrect LPDA parameters");
...
}
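Review bot: the require on the `+` line computes sale.endTime - sale.startTime before the comparison, so it only produces the "Incorrect LPDA parameters" message if a check in the elided lines above already guarantees endTime >= startTime; otherwise the subtraction underflows before the comparison is made. Keep the new require after that ordering check. The message would also be easier to act on if it followed the style of the neighbouring "INVALID DROP PER SECOND" string and named the start price as the offending field.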