[Lines of code](https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/cash/CashManager.sol#L95-L103) # Vulnerability details ## Impact This wrong calculation logic for the currentEpochStartTimestamp lead to the situation the currentEpoch that the wrong result is assigned will be stored into the storages in the several functions (in the CashManager.sol). ## Proof of Concept Epoch parameters ( currentEpoch , epochDuration , currentEpochStartTimestamp ) are defined like this: [CashManager.sol#L95-L103]() /// @dev Epoch Parameters // Epoch that contract is currently in uint256 public currentEpoch; // Duration of an epoch in seconds uint256 public epochDuration; // Timestamp of the start of currentEpoch uint256 public currentEpochStartTimestamp; The currentEpochStartTimestamp is calculated in the constructor of CashManager.sol [CashManager.sol#L174-L176]() /// @notice constructor constructor( ... currentEpochStartTimestamp = block.timestamp - (block.timestamp % epochDuration); ... ) However, (block.timestamp % epochDuration) above calculates currentEpoch . As a result, the result of block.timestamp - currentEpoch is assigned into the currentEpochStartTimestamp . This is wrong. Example). * Let's say block.timestamp = 1673573885 (UTC - 01:38 AM, Jan 13, 2022) * epochDuration = 604800 (1 week / 7 days) * block.timestamp % epochDuration is 1673573885 % 604800 * This result is about 2767 * This is currentEpoch (current number of epoch). Thus, the result above means that the currentEpoch is the 2767th of epoch. * block.timestamp - (block.timestamp % epochDuration) is 1673573885 - 2767 * This result above that will be assigned into the currentEpochStartTimestamp is the result of block.timestamp - currentEpoch . Same calculation logic is used in the CashManager.sol# transitionEpoch() function [CashManager.sol#L583-L586]() function transitionEpoch() public { /// @audit - The result of calculation for the "currentEpochStartTimestamp" is used for the calculation for the "epochDifference" like below: uint256 epochDifference = (block.timestamp - currentEpochStartTimestamp) / epochDuration; if (epochDifference > 0) { currentRedeemAmount = 0; currentMintAmount = 0; currentEpoch += epochDifference; /// @audit - "epochDifference" is added to "currentEpoch" /// @audit - Same calculation logic for "currentEpochStartTimestamp" is also used below: currentEpochStartTimestamp = block.timestamp - (block.timestamp % epochDuration); } } The result of calculation for the currentEpochStartTimestamp is used for the calculation for the epochDifference like above. ([CashManager.sol#L577-L578]()) Then, if the condition of (epochDifference > 0) is passed, the epochDifference calculated above will be added to currentEpoch . ([CashManager.sol#L582]()) Thus, if the calculation for the currentEpochStartTimestamp is wrong, the result of epochDifference is also wrong. And then, the epochDifference that wrong result is assigned would be added into the currentEpoch . The currentEpoch that wrong result is assigned above is used for several lines in the CashManager.sol. For example, The currentEpoch that wrong result is assigned above is stored into the mintRequestsPerEpoch storage in the requestMint() function like this: [CashManager.sol#L221]() function requestMint( ... mintRequestsPerEpoch[currentEpoch][msg.sender] += depositValueAfterFees; ... } Also, The currentEpoch that wrong result is assigned above is stored into the redemptionInfoPerEpoch storage in the requestRedemption() function like this: [CashManager.sol#L678-L681]() function requestRedemption( ... redemptionInfoPerEpoch[currentEpoch].addressToBurnAmt[ msg.sender ] += amountCashToRedeem; redemptionInfoPerEpoch[currentEpoch].totalBurned += amountCashToRedeem; ... } In addition to that, transitionEpoch() function is called inside the updateEpoch() modifier that is used almost of functions such as requestMint() function, requestRedemption() function, etc. [CashManager.sol#L557-L560]() modifier updateEpoch() { transitionEpoch(); _; } This means that every time the wrong calculation logic for the currentEpochStartTimestamp is run and the currentEpoch that wrong result is assigned is stored into the storages above in the functions that the updateEpoch()modifier is used. ## Tools Used Manual Review ## Recommended Mitigation Steps Consider fixing the calculation logic for the currentEpochStartTimestamp in the constructor() and transitionEpoch() of the CashManager.sol like this: /// @notice constructor constructor( ... currentEpoch = block.timestamp % epochDuration; if ((currentEpoch * epochDuration) >= block.timestamp) { uint256 currentEpochEndTimestamp = currentEpoch * epochDuration; currentEpochStartTimestamp = currentEpochEndTimestamp - epochDuration; } else if ((currentEpoch * epochDuration) < block.timestamp) { uint256 previousEpochEndTimestamp = currentEpoch * epochDuration; currentEpochStartTimestamp = previousEpochEndTimestamp + 1; } ... } function transitionEpoch() public { ... if (epochDifference > 0) { ... currentEpoch = block.timestamp % epochDuration; if ((currentEpoch * epochDuration) >= block.timestamp) { uint256 currentEpochEndTimestamp = currentEpoch * epochDuration; currentEpochStartTimestamp = currentEpochEndTimestamp - epochDuration; } else if ((currentEpoch * epochDuration) < block.timestamp) { uint256 previousEpochEndTimestamp = currentEpoch * epochDuration; currentEpochStartTimestamp = previousEpochEndTimestamp + 1; } } } --- The text was updated successfully, but these errors were encountered: All reactions