Open code423n4 opened 2 years ago
Yes, we could do a better job at naming this function.
That being said, considering that a promotion is active between the moment it is created and the end of the promotion, it won't have any undesirable impact, since we should be able to cancel or extend a promotion before it has even started.
For this reason, I've acknowledged the issue but we won't make any changes to the _requirePromotionActive function.
Handle
certora
Vulnerability details
The comment of _requirePromotionActive is "Determine if a promotion is active". However, it doesn't check whether the promotion started. Therefore, if the promotion didn't start yet, it will not revert.
Impact
extendPromotion can be called even if the promotion is not active (if it didn't start yet).
Recommended Mitigation Steps
Check whether the promotion started in _requirePromotionActive.
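
The two readings of "active" discussed in this issue, side by side, as an added example that is not the project's code. The struct layout, the helper names, createPromotion and extendPromotionStrict are assumptions; only _requirePromotionActive and extendPromotion are named on the page, and access control is left out to keep the time-window logic in focus.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.6;

// Added illustration: every name except extendPromotion is hypothetical.
contract PromotionWindowExample {
    struct Promotion {
        uint64 startTimestamp; // assumed field
        uint48 epochDuration;  // assumed field
        uint8 numberOfEpochs;  // assumed field
    }

    mapping(uint256 => Promotion) internal _promotions;
    uint256 internal _nextId;

    function createPromotion(uint64 start, uint48 epochDuration, uint8 epochs)
        external returns (uint256 id)
    {
        id = ++_nextId;
        _promotions[id] = Promotion(start, epochDuration, epochs);
    }

    function _endTimestamp(Promotion memory p) internal pure returns (uint256) {
        return uint256(p.startTimestamp) + uint256(p.epochDuration) * p.numberOfEpochs;
    }

    // Behaviour described in the report: only the end is checked, so a
    // promotion whose start lies in the future passes. The name says so.
    function _requirePromotionNotEnded(Promotion memory p) internal view {
        require(_endTimestamp(p) >= block.timestamp, "promotion-ended");
    }

    // Recommended mitigation: additionally require that the start was reached.
    function _requirePromotionStarted(Promotion memory p) internal view {
        require(p.startTimestamp <= block.timestamp, "promotion-not-started");
    }

    // Sponsor's intent: extending before the start is allowed.
    function extendPromotion(uint256 id, uint8 extraEpochs) external {
        _requirePromotionNotEnded(_promotions[id]);
        _promotions[id].numberOfEpochs += extraEpochs;
    }

    // Reporter's reading: reverts until the promotion has started.
    function extendPromotionStrict(uint256 id, uint8 extraEpochs) external {
        _requirePromotionStarted(_promotions[id]);
        _requirePromotionNotEnded(_promotions[id]);
        _promotions[id].numberOfEpochs += extraEpochs;
    }
}
```

Splitting the check into two named guards lets each caller state which window it needs, so the function name and its comment match what is enforced.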