code-423n4 / 2021-09-sushitrident-2-findings


Inclusive conditions #62

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

pauliax

Vulnerability details

Impact

I think the conditions should be inclusive '<=' here:

    require(position.liquidity < MAX_TICK_LIQUIDITY, "MAX_TICK_LIQUIDITY");
    require(incentive.endTime + 5 weeks < incentive.expiry, "END_PAST_BUFFER");

and here the check should not be inclusive as the incentive ids start from 0 and thus incentiveCount is always bigger by 1:

    require(incentiveId <= incentiveCount[pool], "NOT_INCENTIVE");

Recommended Mitigation Steps

Review and update these conditions and be careful with such boundary checks (Robert Leshner cries in the corner).
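Added example, not part of the original report or of the Trident code: a minimal single-pool contract showing what the quoted `incentiveId <= incentiveCount` check admits next to the strict form. The contract name, struct fields and function names are hypothetical, and it assumes, as the report states, that incentive ids start at 0.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustration only (hypothetical names). Assumption taken from the report:
/// ids start at 0, so the valid ids are 0 .. incentiveCount - 1.
contract IncentiveBoundsExample {
    struct Incentive {
        address token;
        uint32 endTime;
        uint256 rewardsUnclaimed;
    }

    mapping(uint256 => Incentive) public incentives;
    uint256 public incentiveCount;

    function addIncentive(address token, uint32 endTime, uint256 amount)
        external
        returns (uint256 id)
    {
        id = incentiveCount++; // first id handed out is 0
        incentives[id] = Incentive(token, endTime, amount);
    }

    /// Check as quoted in the report: incentiveId == incentiveCount passes,
    /// although no incentive was ever stored under that id.
    function getInclusive(uint256 incentiveId) external view returns (Incentive memory) {
        require(incentiveId <= incentiveCount, "NOT_INCENTIVE");
        // For id == incentiveCount this is the mapping default:
        // token == address(0), endTime == 0, rewardsUnclaimed == 0.
        return incentives[incentiveId];
    }

    /// Strict form: only ids that addIncentive actually assigned pass.
    function getStrict(uint256 incentiveId) external view returns (Incentive memory) {
        require(incentiveId < incentiveCount, "NOT_INCENTIVE");
        return incentives[incentiveId];
    }
}
```

After one `addIncentive` call, `getInclusive(1)` returns an all-zero struct while `getStrict(1)` reverts with `NOT_INCENTIVE`; with the inclusive form, rejecting the empty entry is left to whatever checks run afterwards.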

sarangparikh22 commented 3 years ago

Haha! Robert lol, however, the above checks don't break anything, the incentive is protected by the time check below it. It is a non-critical issue.

alcueca commented 2 years ago

Let's be considerate of Robert's plight, and keep it as Low Risk knowing what happened.

sarangparikh22 commented 2 years ago

@alcueca haha, agreed!