code-423n4 / 2021-12-pooltogether-findings


Validations #139

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

There are some validations that could be enforced on createPromotion:

epochDuration should be > 0 to prevent division by zero error in _getCurrentEpochId. 0 duration would make it impossible to cancel the promotion.

_tokensPerEpoch * _numberOfEpochs should be > 0 to prevent spam of 0 token promotions.

_numberOfEpochs should be < 256. Also, in extendPromotion, _extendedNumberOfEpochs should be < 256.

Recommended Mitigation Steps

Consider enforcing proposed validations to make the codebase more robust.
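The three validations proposed above, written out as an added example that is not part of the original report and is not the project's own code. The contract name, storage layout, parameter types and revert strings are assumptions, token transfers and access control are omitted, and the combined-total check in extendPromotion goes one step beyond what the report lists.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only: a stripped-down promotion registry showing where
// the proposed checks would sit. Names and layout are assumptions.
contract PromotionValidationSketch {
    struct Promotion {
        uint256 startTimestamp;
        uint256 epochDuration;
        uint256 numberOfEpochs;
        uint256 tokensPerEpoch;
    }

    Promotion[] internal _promotions;

    function createPromotion(
        uint256 _startTimestamp,
        uint256 _tokensPerEpoch,
        uint256 _epochDuration,
        uint256 _numberOfEpochs
    ) external returns (uint256) {
        // A zero duration would make every later epoch-id computation revert.
        require(_epochDuration > 0, "zero-epoch-duration");
        // Both factors non-zero is equivalent to product > 0, without overflow.
        require(_tokensPerEpoch > 0 && _numberOfEpochs > 0, "zero-token-promotion");
        require(_numberOfEpochs < 256, "too-many-epochs");
        _promotions.push(Promotion({
            startTimestamp: _startTimestamp,
            epochDuration: _epochDuration,
            numberOfEpochs: _numberOfEpochs,
            tokensPerEpoch: _tokensPerEpoch
        }));
        return _promotions.length - 1;
    }

    function extendPromotion(uint256 _promotionId, uint256 _extendedNumberOfEpochs) external {
        Promotion storage p = _promotions[_promotionId];
        require(_extendedNumberOfEpochs < 256, "too-many-epochs");
        // Assumption beyond the report: also bound the total after extension.
        require(p.numberOfEpochs + _extendedNumberOfEpochs < 256, "total-too-many-epochs");
        p.numberOfEpochs += _extendedNumberOfEpochs;
    }

    function getCurrentEpochId(uint256 _promotionId) external view returns (uint256) {
        Promotion storage p = _promotions[_promotionId];
        // Safe from division by zero only because createPromotion rejected 0.
        return (block.timestamp - p.startTimestamp) / p.epochDuration;
    }
}
```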

PierrickGT commented 2 years ago

Duplicate of https://github.com/code-423n4/2021-12-pooltogether-findings/issues/29