Code4rena CODE423N4:2023-09-VENUS-FINDINGS-ISSUES-676
Oct 04, 2023 - 12:00 a.m.

BLOCKS_PER_YEAR in Prime.sol should vary depending on leap and non-leap year


AI Score

7.2

Confidence

Low

Lines of code
<https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/Prime.sol#L109>
<https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/Prime.sol#L974>
<https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/Prime.sol#L978>

Vulnerability details

Impact

BLOCKS_PER_YEAR is used in the function _incomeDistributionYearly to calculate the total income that is going to be distributed in a year to prime token holders. A non-zero value of BLOCKS_PER_YEAR that is inadequate for the chain and/or for a leap/non-leap year can therefore make that yearly total totally off, much more or far less than expected, which might be devastating for the protocol.

Proof of Concept

In the file Prime.sol there is an immutable variable named BLOCKS_PER_YEAR. The input validation for that variable checks against the 0 value only, which is insufficient. The code will be deployed on various chains (BNB Chain, Ethereum mainnet, Arbitrum, Polygon zkEVM, opBNB), and the average block time varies among the chains, which means the number of blocks per year also varies among them. What's more, the number of blocks per year for the same chain varies depending on whether the year is a leap year or not: for example, on Ethereum mainnet the average block time is ~12 seconds and a leap year has 1 day more than a non-leap year, which means a leap year will have ~7200 blocks more, which is a significant difference.

Tools Used

Manual review.

Recommended Mitigation Steps

Proper input validation for BLOCKS_PER_YEAR should be implemented. BLOCKS_PER_YEAR varies between chains as well as between leap and non-leap years. The input validation should take into account the chain the code is deployed on as well as the year we are targeting: BLOCKS_PER_YEAR should be different for leap and non-leap years.

Assessed type

Invalid Validation
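
An off-chain pre-deployment check in the spirit of the recommended mitigation, as an added example that is not part of the original finding or of the Venus code base. The function names, the tolerance parameter and the 3-second sample chain are assumptions; 12 seconds for Ethereum mainnet is the figure quoted in the finding.

```javascript
// Added example (not from Prime.sol): sanity-check a candidate
// BLOCKS_PER_YEAR constructor argument before deployment.
const SECONDS_PER_DAY = 86400;

// Assumed average block times in seconds. 12 s is the Ethereum mainnet
// figure quoted in the finding; the 3 s entry is a constructed sample.
const BLOCK_TIME_SECONDS = {
  ethereum: 12,
  "sample-3s-chain": 3,
};

function isLeapYear(year) {
  return (year % 4 === 0 && year % 100 !== 0) || year % 400 === 0;
}

// Expected number of blocks in the given calendar year for a block time.
function expectedBlocksPerYear(blockTimeSeconds, year) {
  const days = isLeapYear(year) ? 366 : 365;
  return Math.round((days * SECONDS_PER_DAY) / blockTimeSeconds);
}

// Validate a candidate value for a chain and target year.
// toleranceBps is a hypothetical policy knob: allowed drift in basis points.
function checkBlocksPerYear(candidate, chain, year, toleranceBps = 10) {
  const blockTime = BLOCK_TIME_SECONDS[chain];
  if (blockTime === undefined) {
    return { ok: false, reason: `no block time configured for ${chain}` };
  }
  if (!Number.isInteger(candidate) || candidate <= 0) {
    return { ok: false, reason: "value must be a positive integer" };
  }
  const expected = expectedBlocksPerYear(blockTime, year);
  const drift = Math.abs(candidate - expected);
  const driftBps = Math.round((drift * 10000) / expected);
  const ok = driftBps <= toleranceBps;
  return { ok, expected, driftBps, reason: ok ? "within tolerance" : "outside tolerance" };
}
```

Every non-zero candidate here would pass a zero-only check; the function additionally reports how far a value is from the expected count, both for a leap-year mismatch and for a value computed for a different chain.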
