Code4rena (code423n4), CODE423N4:2023-08-VERWA-FINDINGS-ISSUES-340
Aug 10, 2023 - 12:00 a.m.

Misaligned Epoch Calculation for Reward Claims

Code4rena
github.com

Lines of code

Vulnerability details

Impact

When users attempt to claim rewards, the contract calculates the claimEnd and subsequently updates the userClaimedEpoch using claimEnd + WEEK. This might result in misaligned epochs in scenarios where _claimUpToTimestamp is less than or more than a week. If not correctly aligned, users could potentially claim incorrect reward amounts or even double-claim for specific epochs.

Proof of Concept

Misaligned Epochs: When _claimUpToTimestamp is less than a week and the subsequent assignment userClaimedEpoch[_market][lender] = claimEnd + WEEK; runs, epochs can overlap, potentially allowing double-claiming.

Potential Claiming Gaps: If _claimUpToTimestamp is more than a week, there’s a risk of creating a gap where rewards for certain epochs might be skipped entirely.

Tools Used

Recommended Mitigation Steps

Refactor Epoch Calculation: Adjust the userClaimedEpoch setting mechanism to be dynamic based on the actual duration of _claimUpToTimestamp. This ensures alignment with expected epoch boundaries.

Assessed type

Other

