Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-08-VERWA-FINDINGS-ISSUES-435
HistoryAug 10, 2023 - 12:00 a.m.

No need to stack lend pool to take lendlaunger rewards

2023-08-1000:00:00
Code4rena
github.com
8
lending rewards
exploitable bug
user manipulation
JSON

Lines of code

Vulnerability details

Impact

Lending lenger give reward tokens to users if they lend their tokens to selected pools. Lendingledger give rewards as weekly and it records user’s balance until end of the week(espacially thursday because 1 jan 1970 was thursday). But protocol records can be any record in the week anyvalue, protocol just look at the latest updated value in this week . In short a user can withdraw his tokens after thursday but if he stake his token before next thursday 00.00 he will benefit from tokens like stake tokens all week.

#Proof of Concept
pls paste this test to lendingLEdgerTest.sol and it can be seen that a malicious user can take same reward like all time staker when just stake his token just for two block time.

Tools Used

Recommended Mitigation Steps

Assessed type

Invalid Validation

The text was updated successfully, but these errors were encountered:

All reactions

JSON