code-423n4 / 2021-12-pooltogether-findings


getCurrentEpochId might behave unexpectedly #118

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

certora

Vulnerability details

getCurrentEpochId might behave unexpectedly. getCurrentEpochId calls _getCurrentEpochId:

function _getCurrentEpochId(Promotion memory _promotion) internal view returns (uint256) {
    // elapsedTimestamp / epochDurationTimestamp
    return (block.timestamp - _promotion.startTimestamp) / _promotion.epochDuration;
}

If the promotion is over, it'll return an epoch that doesn't exist in the promotion.

Impact

Any external call to getCurrentEpochId will behave unexpectedly if the promotion is over.

Recommended Mitigation Steps

Revert if the promotion is over.
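
The recommended mitigation sketched next to the reported behaviour, as an added example that is not part of the original report or of PoolTogether's code. The `numberOfEpochs` field, the `PromotionInactive` error, the contract name and the explicit `nowTs` parameter (standing in for `block.timestamp` so both paths can be called with chosen times) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.6;

/// Illustration only. Field widths and names other than startTimestamp and
/// epochDuration are assumed, not taken from the audited contract.
contract EpochIdExample {
    struct Promotion {
        uint64 startTimestamp;
        uint48 epochDuration;
        uint8 numberOfEpochs; // assumed: how many epochs the promotion runs
    }

    // Hypothetical error carrying the active window for easier debugging.
    error PromotionInactive(uint256 nowTs, uint256 start, uint256 end);

    /// Behaviour described in the report: the quotient keeps growing after the
    /// last epoch, so callers receive ids >= numberOfEpochs that name no epoch.
    function epochIdUnchecked(Promotion memory p, uint256 nowTs)
        public
        pure
        returns (uint256)
    {
        return (nowTs - p.startTimestamp) / p.epochDuration;
    }

    /// Mitigation from the report: revert once the promotion is over.
    /// The not-yet-started case is also rejected explicitly; with checked
    /// arithmetic in 0.8 the subtraction would otherwise revert with a
    /// generic arithmetic panic instead of a descriptive error.
    function epochIdChecked(Promotion memory p, uint256 nowTs)
        public
        pure
        returns (uint256)
    {
        uint256 start = p.startTimestamp;
        // Widen before multiplying so the end time is computed in uint256.
        uint256 end = start + uint256(p.epochDuration) * p.numberOfEpochs;
        if (nowTs < start || nowTs >= end) {
            revert PromotionInactive(nowTs, start, end);
        }
        // Inside the window the result is always in [0, numberOfEpochs - 1].
        return (nowTs - start) / p.epochDuration;
    }
}
```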

PierrickGT commented 2 years ago

Duplicate of https://github.com/code-423n4/2021-12-pooltogether-findings/issues/109