BLOCK_EPOCH and WEEK should not be mixed

2024-01-2600:00:00

Code4rena

github.com

vulnerability

lendingledger

canto

gauge

timestamp

alignment

mitigation

7.1 High

AI Score

Confidence

Low

JSON

Lines of code

Vulnerability details

Impact

Rewards and voting weights are aligned on a weekly basis. In contract LendingLedger, reward is recorded for each epoch(block.number). However, when calling gauge_relative_weight_write, we should actually pass a timestamp, or the weight cannot be retrieved correctly.

Proof of Concept

uint256 public constant BLOCK_EPOCH = 100_000; // 100000 blocks, roughly 1 week

            uint256 cantoReward = (blockDelta *
                    cantoPerBlock[epoch] *
                    gaugeController.gauge_relative_weight_write(_market, epoch)) / 1e18;

When calling gauge_relative_weight_write, we are passing the first block.number in the epoch. However, we should pass the first block.timestamp in the epoch.

uint256 public constant WEEK = 7 days;

function _gauge_relative_weight(address _gauge, uint256 _time) private view returns (uint256) {
    uint256 t = (_time / WEEK) * WEEK;
    uint256 total_weight = points_sum[t].bias;
    if (total_weight &gt; 0) {
        uint256 gauge_weight = points_weight[_gauge][t].bias;
        return (MULTIPLIER * gauge_weight) / total_weight;
    } else {
        return 0;
    }
}

Besides, although 100000 blocks is roughly 1 week, we cannot guarantee a precise match nor alignment, so we should only use one of BLOCK_EPOCH and WEEK.

Tools Used

Manual

Recommended Mitigation Steps

Only use one of BLOCK_EPOCH and WEEK.

Assessed type

Context

The text was updated successfully, but these errors were encountered:

All reactions

7.1 High

AI Score

Confidence

Low

JSON