When calculating or paying rewards, the updateReward(address) modifier checks whether now is greater than the specified local periodFinish; if it is, it calls mintFarmingReward at the global farm.
However, any user can call mintFarmingReward() in the global farm with arbitrary parameters - for instance, a user can set _period to 3 days here while the local Farm still thinks that the period is equal to 1 day, as it is hardcoded in the rewardsDuration = 1 day variable.
periodFinish is only updated here based on rewardsDuration, which is not in any way related to the state of the global Farm contract. This is a critical vulnerability that can be exploited to effectively freeze the contract.
Here is a requirement for the timestamp to be greater than nextMint[_localFarm].
The nextMint value for the local farm is updated based on the _period parameter of the function called: https://github.com/SoyFinance/smart-contracts/blob/main/Farming/SOYGlobalFarm.sol#L173
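
The desynchronisation described above, modelled in Python as an added example (not code from the SoyFinance repository). Names mirror the finding; the exact nextMint update rule, the "farmA" and "outsider" labels, and the restrict_caller mitigation are assumptions made for illustration.

```python
DAY = 86400

class Revert(Exception):
    """Stands in for a failed Solidity require()."""

class GlobalFarm:
    def __init__(self, restrict_caller=False):
        self.next_mint = {}                    # nextMint[_localFarm]
        self.restrict_caller = restrict_caller

    def mint_farming_reward(self, sender, local_farm, period, now):
        # Hypothetical mitigation: only the local farm may mint for itself.
        if self.restrict_caller and sender != local_farm:
            raise Revert("caller is not the local farm")
        # Requirement from the finding: timestamp must be greater than nextMint.
        if now <= self.next_mint.get(local_farm, 0):
            raise Revert("too early to mint")
        # Assumed update rule: nextMint advances by the caller-supplied period.
        self.next_mint[local_farm] = now + period

class LocalFarm:
    REWARDS_DURATION = 1 * DAY                 # hardcoded rewardsDuration
    def __init__(self, name, global_farm, now):
        self.name, self.global_farm = name, global_farm
        self.period_finish = now               # periodFinish
    def update_reward(self, now):
        # Models the updateReward modifier that guards the reward functions.
        if now > self.period_finish:
            self.global_farm.mint_farming_reward(self.name, self.name, self.REWARDS_DURATION, now)
            self.period_finish = now + self.REWARDS_DURATION

def simulate(restrict_caller):
    """Outcome of the local farm's reward update on each of four days."""
    t0 = 1_000_000                             # constructed start timestamp
    g = GlobalFarm(restrict_caller)
    farm = LocalFarm("farmA", g, t0)
    try:  # a third party calls the global farm with _period = 3 days
        g.mint_farming_reward("outsider", "farmA", 3 * DAY, t0 + 1)
    except Revert:
        pass
    outcomes = []
    for day in range(4):
        try:
            farm.update_reward(t0 + day * DAY + 2)
            outcomes.append("ok")
        except Revert:
            outcomes.append("revert")
    return outcomes
```

In the unrestricted model, every call guarded by the modifier reverts until the externally set nextMint has passed, while the local farm's own periodFinish gives no indication of why.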