Code4rena: 2023-08-POOLTOGETHER-FINDINGS, issue 118 (Aug 07, 2023)

_computeRewardFraction logic looks susceptible to manipulation around the edges.


Lines of code

Vulnerability details

Impact

If __auctionElapsedTime is 0, _computeRewardFraction returns the full reward fraction.

Proof of Concept

RewardLib.fractionalReward computes the reward fraction linearly from the elapsed time. When __auctionElapsedTime is 0, fractionalReward returns 1 (the full reward).
This can be manipulated by calling _computeRewardFraction with a low __auctionElapsedTime right after a new sequence starts.

Tools Used

Manual

Recommended Mitigation Steps

Add validation in _computeRewardFraction to ensure __auctionElapsedTime is within the expected range (between 0 and the auction duration).
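As an added illustration of the recommended bounds check (example code written for this page, not PoolTogether's RewardLib or any code from the original finding): the library and function names, the linear decay curve, the 18-decimal fixed-point scale, and the idea of deriving the elapsed time from a stored sequence start instead of a caller-supplied value are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical stand-in for the reward computation described in the finding.
/// Assumptions: a linear curve from 1.0 at t = 0 down to 0 at t = auctionDuration,
/// values in 18-decimal fixed point, and a non-zero auctionDuration.
library BoundedRewardFraction {
    uint256 internal constant ONE = 1e18; // 1.0 in 18-decimal fixed point

    error ElapsedTimeOutOfRange(uint64 elapsedTime, uint64 auctionDuration);
    error SequenceNotStarted(uint64 sequenceStartedAt, uint64 nowTimestamp);

    /// Unchecked variant: the elapsed time is taken on trust from the caller,
    /// so passing 0 (or any small value) yields the full reward.
    function fractionalRewardUnchecked(uint64 elapsedTime, uint64 auctionDuration)
        internal pure returns (uint256)
    {
        if (elapsedTime >= auctionDuration) return 0;
        return ONE - (ONE * elapsedTime) / auctionDuration;
    }

    /// Checked variant implementing the mitigation: the elapsed time is derived
    /// from the sequence start recorded on-chain, and must lie in [0, auctionDuration].
    function fractionalReward(uint64 sequenceStartedAt, uint64 auctionDuration)
        internal view returns (uint256)
    {
        uint64 nowTimestamp = uint64(block.timestamp);
        if (sequenceStartedAt > nowTimestamp) {
            revert SequenceNotStarted(sequenceStartedAt, nowTimestamp);
        }
        uint64 elapsedTime = nowTimestamp - sequenceStartedAt;
        if (elapsedTime > auctionDuration) {
            revert ElapsedTimeOutOfRange(elapsedTime, auctionDuration);
        }
        // elapsedTime == auctionDuration correctly resolves to 0 here.
        return ONE - (ONE * elapsedTime) / auctionDuration;
    }
}
```

The checked variant removes the caller's control over the elapsed time entirely, which is the stronger form of the "within expected range" check the mitigation asks for.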

Assessed type

Other
