code-423n4 / 2021-12-pooltogether-findings


getRemainingRewards might fail unexpectedly #117

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

certora

Vulnerability details

getRemainingRewards might fail unexpectedly. getRemainingRewards calls _getRemainingRewards which calls _getCurrentEpochId:

function _getCurrentEpochId(Promotion memory _promotion) internal view returns (uint256) {
    // elapsedTimestamp / epochDurationTimestamp
    return (block.timestamp - _promotion.startTimestamp) / _promotion.epochDuration;
}

If block.timestamp < _promotion.startTimestamp, it will revert due to underflow.

Impact

Any external call to getRemainingRewards will revert if the promotion has not started yet.

Recommended Mitigation Steps

Check in _getRemainingRewards whether the promotion has started yet; if it hasn't, return the entire amount.
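
A minimal Solidity sketch of the revert and of the recommended guard, added here as an example and not taken from the report or from the PoolTogether code base. Only the arithmetic in _getCurrentEpochId comes from the report; the contract name, the numberOfEpochs and tokensPerEpoch fields, the remaining-rewards formula, the sample values and the compiler pragma are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed: any 0.8.x compiler, where arithmetic is checked

/// Added sketch, not the audited contract. Field names other than
/// startTimestamp and epochDuration are assumptions.
contract RemainingRewardsSketch {
    struct Promotion {
        uint64 startTimestamp;
        uint48 epochDuration;
        uint8 numberOfEpochs;   // assumed field
        uint256 tokensPerEpoch; // assumed field
    }

    Promotion private promotion;

    constructor() {
        // Constructed sample: a promotion that starts one day after deployment.
        promotion = Promotion({
            startTimestamp: uint64(block.timestamp + 1 days),
            epochDuration: 1 weeks,
            numberOfEpochs: 12,
            tokensPerEpoch: 100 ether
        });
    }

    // Same arithmetic as in the report: the checked subtraction reverts with
    // Panic(0x11) while block.timestamp < startTimestamp.
    function _getCurrentEpochId(Promotion memory _promotion) internal view returns (uint256) {
        return (block.timestamp - _promotion.startTimestamp) / _promotion.epochDuration;
    }

    // Unguarded view: inherits the revert for a promotion that has not started.
    function remainingUnguarded() external view returns (uint256) {
        Promotion memory p = promotion;
        return p.tokensPerEpoch * (p.numberOfEpochs - _getCurrentEpochId(p));
    }

    // Guarded view following the recommended mitigation: before the start,
    // return the entire amount instead of computing an epoch id.
    function remainingGuarded() external view returns (uint256) {
        Promotion memory p = promotion;
        if (block.timestamp < p.startTimestamp) {
            return p.tokensPerEpoch * p.numberOfEpochs;
        }
        uint256 epochId = _getCurrentEpochId(p);
        // In this sketch's formula the epoch subtraction is checked as well,
        // so clamp to zero once every epoch has elapsed.
        if (epochId >= p.numberOfEpochs) return 0;
        return p.tokensPerEpoch * (p.numberOfEpochs - epochId);
    }
}
```

Calling remainingUnguarded() right after deployment reverts, while remainingGuarded() returns the full 1200 ether of the constructed promotion.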

PierrickGT commented 2 years ago

Duplicate of https://github.com/code-423n4/2021-12-pooltogether-findings/issues/102

dmvt commented 2 years ago

Duplicate of #101