Open code423n4 opened 2 years ago
WatchPug
For ended promotions, getCurrentEpochId() may return a epochId larger than numberOfEpochs.
getCurrentEpochId()
epochId
numberOfEpochs
If the result of this view method is to be used as parameters of claimRewards(), it may cause claimRewards() to fail.
claimRewards()
https://github.com/pooltogether/v4-periphery/blob/0e94c54774a6fce29daf9cb23353208f80de63eb/contracts/TwabRewards.sol#L276-L279
function _getCurrentEpochId(Promotion memory _promotion) internal view returns (uint256) { // elapsedTimestamp / epochDurationTimestamp return (block.timestamp - _promotion.startTimestamp) / _promotion.epochDuration; }
Consider checking if block.timestamp > _promotionEndTimestamp in _getCurrentEpochId() and return _promotion.numberOfEpochs - 1 for ended promotions.
block.timestamp > _promotionEndTimestamp
_getCurrentEpochId()
_promotion.numberOfEpochs - 1
Handle
WatchPug
Vulnerability details
For ended promotions,
getCurrentEpochId()may return aepochIdlarger thannumberOfEpochs.If the result of this view method is to be used as parameters of
claimRewards(), it may causeclaimRewards()to fail.https://github.com/pooltogether/v4-periphery/blob/0e94c54774a6fce29daf9cb23353208f80de63eb/contracts/TwabRewards.sol#L276-L279
Recommendation
Consider checking if
block.timestamp > _promotionEndTimestampin_getCurrentEpochId()and return_promotion.numberOfEpochs - 1for ended promotions.