lucas-manuel
commented
3 years ago This is intended, not a bug.
Closed code423n4 closed 3 years ago
lucas-manuel
commented
3 years ago This is intended, not a bug.
Handle
0xRajeev
Vulnerability details
Impact
The require statement on L120 of StakeLocker.sol checks if the newLockupPeriod is ‘<=‘ current lockupPeriod presumably to ensure that pool delegate cannot suddenly increase it to lock up stakes funds longer than initially agreed. However, without any validation, this could be accidentally set to a new value that is lower than desired e.g. 0. Because of the
<=check, this can only be reduced later and never increased without contract redeployment.Proof of Concept
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/StakeLocker.sol#L113-L123
Tools Used
Manual analysis
Recommended Mitigation Steps
Perform input validation on newLockupPeriod e.g. != 0 or not less than some bound.