ERROR IN UPDATING **_checkpoint** IN THE **increaseUnlockTime** FUNCTION #217
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L513-L514
Vulnerability details
Impact
The potentiel impact of this error are :
Proof of Concept
The error occured in this line :
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L513
In the increaseUnlockTime function the oldLocked.end passed to the function _checkpoint is wrong as it is the same as the new newLock end time (called unlock_time) instead of being equal to oldUnlockTime .
In the given CheckpointMath.md file it is stated that checkpoint details for increaseUnlockTime function should be :
BUT with this error you get a different checkpoint details :
The error is illustrated in the code below :
The impact of this is when calculating the userOldPoint.bias in the _checkpoint function you get an incorrect value equal to userNewPoint.bias (because oldLocked.end == _newLocked.end which is wrong).
The wrong userOldPoint.bias value is later used to calculate and update the bias value for the new point in PointHistory.
And added to that the wrong oldLocked.end is used to get oldSlopeDelta value which is used to update the slopeChanges.
As the PointHistory and the slopeChanges values are used inside the functions balanceOfAt() , _supplyAt(), totalSupply(), totalSupplyAt() to calculate the voting power, THIS ERROR COULD GIVE WRONG VOTING POWER AT A GIVEN BLOCK OF A USER OR CAN GIVE WRONG TOTAL VOTING POWER.
Tools Used
Manual Audit
Recommended Mitigation Steps
The line 513 in the VotingEscrow.sol contract :
Need to be replaced with the following :
The text was updated successfully, but these errors were encountered: