Elastic-Finance-DAO / eefi_contracts


[AMP-01M] Incorrect Maintenance of Last Rebase Call #90

Open stalker474 opened 2 months ago

stalker474 commented 2 months ago

AMP-01M: Incorrect Maintenance of Last Rebase Call

| Type | Severity | Location |
| --- | --- | --- |
| Standard Conformity | | AMPLRebaser.sol:L25, L29 |

Description:

The AMPLRebaser::constructor and AMPLRebaser::rebase functions will maintain the last_rebase_call based on the current block.timestamp rather than the actual UFragmentsPolicy::lastRebaseTimestampSec, which can result in discrepancies in case a rebase timestamp is reported in the future.

Due to the off-chain nature of rebases, they are permitted to be in advance of a few seconds in the future which can result in this vulnerability manifesting.

Impact:

The likelihood of a future timestamp is relatively low and depends on blockchain activity, rendering this exhibit to be of minor severity.

Example:

constructor(IERC20 _ampl_token) {
    ampl_token = _ampl_token;
    last_ampl_supply = _ampl_token.totalSupply();
    last_rebase_call = block.timestamp;
}

function rebase() external {
    require(policy.lastRebaseTimestampSec() > last_rebase_call, "AMPLRebaser: Rebase not available yet");
    uint256 new_supply = ampl_token.totalSupply();
    last_rebase_call = block.timestamp;

    _rebase(new_supply);
    emit Rebase(last_ampl_supply, new_supply);
    last_ampl_supply = new_supply;
}

Recommendation:

We advise the system to assign the UFragmentsPolicy::lastRebaseTimestampSec to the last_rebase_call in all cases, ensuring that multiple rebase operations cannot be performed in case a timestamp in the future has been reported.
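
A hardened form of the snippet above, as an added example that is not the project's own code: it records the policy's timestamp instead of block.timestamp, so a second call for the same policy rebase fails the strict `>` check. The interface names, the constructor-injected `policy`, the event parameter names and the pragma are assumptions made so the block compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: minimal interfaces declared locally so the example compiles alone.
interface IERC20Supply {
    function totalSupply() external view returns (uint256);
}

interface IRebasePolicy {
    function lastRebaseTimestampSec() external view returns (uint256);
}

// Added example: hardened variant of the rebaser shown in the issue.
abstract contract AMPLRebaserHardened {
    IERC20Supply public immutable ampl_token;
    IRebasePolicy public immutable policy; // assumption: injected via constructor
    uint256 public last_ampl_supply;
    uint256 public last_rebase_call;

    event Rebase(uint256 old_supply, uint256 new_supply);

    constructor(IERC20Supply _ampl_token, IRebasePolicy _policy) {
        ampl_token = _ampl_token;
        policy = _policy;
        last_ampl_supply = _ampl_token.totalSupply();
        // Track the policy's clock, not block.timestamp.
        last_rebase_call = _policy.lastRebaseTimestampSec();
    }

    function rebase() external {
        // Read once so the check and the stored value cannot diverge.
        uint256 policy_ts = policy.lastRebaseTimestampSec();
        require(policy_ts > last_rebase_call, "AMPLRebaser: Rebase not available yet");
        uint256 new_supply = ampl_token.totalSupply();
        // Storing policy_ts makes a repeat call for the same policy rebase
        // revert, even when policy_ts is ahead of block.timestamp.
        last_rebase_call = policy_ts;

        _rebase(new_supply);
        emit Rebase(last_ampl_supply, new_supply);
        last_ampl_supply = new_supply;
    }

    // Left to the inheriting contract, as in the snippet from the issue.
    function _rebase(uint256 new_supply) internal virtual;
}
```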