Lucene search

K
code423n4Code4renaCODE423N4:2023-10-ASYMMETRY-MITIGATION-FINDINGS-ISSUES-38
HistoryOct 25, 2023 - 12:00 a.m.

M-05 Unmitigated

2023-10-2500:00:00
Code4rena
github.com
1
mitigation
delay
edge case
timestamp
cvx balance
withdrawal
attack
exploited
error
votiumstrategy

7 High

AI Score

Confidence

Low

Lines of code

Vulnerability details

Mitigation of M-05: Mitigation Error, see comments

Link to Issue: code-423n4/2023-09-asymmetry-findings#45

Comments

To mitigate M-05, the sponsor has added a delay of one epoch when the available CVX balance is enough to cover the withdrawal:

81:         uint256 totalLockedBalancePlusUnlockable = unlockable +
82:             trackedCvxBalance;
83: 
84:         if (totalLockedBalancePlusUnlockable >= cvxUnlockObligations) {
85:             withdrawIdToWithdrawRequestInfo[
86:                 latestWithdrawId
87:             ] = WithdrawRequestInfo({
88:                 cvxOwed: cvxAmount,
89:                 withdrawn: false,
90:                 epoch: currentEpoch + 1,
91:                 owner: msg.sender
92:             });
93:             emit WithdrawRequest(msg.sender, cvxAmount, latestWithdrawId);
94: 
95:             return latestWithdrawId;
96:         }

While the intention seems correct, the mitigation contains an edge case at the end of the current epoch. Since the current timestamp may be near the end of the epoch, any difference of at least one second will only delay the process for that minimal amount.

Note, additionally, that this can also happen even if the available CVX amount is not enough to cover the withdrawal amount: it might be the case that the next epoch provides the needed amount. If this is the case, the withdrawal epoch will be set for the next soon to happen epoch. In summary, any present or unlockable amount in the next epoch can be used to trigger the attack when the current timestamp is near the end of the current epoch.

This means the described issue in M-05 can still be exploited at the end of each epoch, since the attacker can still execute the process with minimal exposure to CVX. This error is expanded in issue [ADRIRO-NEW-H-01] (VotiumStrategy withdrawal can still be executed with minimal delay).

Assessed type

Other


The text was updated successfully, but these errors were encountered:

All reactions

7 High

AI Score

Confidence

Low