Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-07-MOONWELL-FINDINGS-ISSUES-346
HistoryJul 31, 2023 - 12:00 a.m.

The project's reputation and user funds can be affected if a clear invariant is not met

2023-07-3100:00:00
Code4rena
github.com
6
reputation
user funds
invariant
protocol
loss of confidence
leap year
error
mitigation
JSON

Lines of code

Vulnerability details

Vulnerability details

Impact

The protocol may not work as expected in years that are not 365 days long, which could lead to a loss of confidence in the protocol. In fact, the next year is one of those years (leap year).

Furthermore, defining it as a constant in the contract is an invariant that can clearly lead to errors in the protocol.

Proof of Concept

JumpRateModel.sol

20:  uint public constant timestampsPerYear = 60 * 60 * 24 * 365;

Tools Used

Manual review

Recommended Mitigation Steps

The variable should not be constants, and there should be additional measures in case a year has 366 days like the next year will.

Assessed type

Other

The text was updated successfully, but these errors were encountered:

All reactions

JSON