This means that if exactly _promotion.epochDuration seconds have elapsed since the start timestamp, then the current epoch is 1, and the 0th epoch is completed. However, there are the following lines of code in _calculateRewardAmount:
If exactly _promotion.epochDuration seconds have elapsed since the start timestamp, then this function will revert since the require has a > instead of a >=.
Thus there are two conflicting definitions of when an epoch ends. In the case of _getCurrentEpochId, it is when _promotion.epochDuration seconds elapse. In the case of _calculateRewardAmount, it is when more than_calculateRewardAmount seconds elapse. This only makes a difference in one exact second, but it is best to be consistent.
Handle
harleythedog
Vulnerability details
Impact
The implementation of
_getCurrentEpochIdis:This means that if exactly
_promotion.epochDurationseconds have elapsed since the start timestamp, then the current epoch is 1, and the 0th epoch is completed. However, there are the following lines of code in_calculateRewardAmount:If exactly
_promotion.epochDurationseconds have elapsed since the start timestamp, then this function will revert since the require has a>instead of a>=.Thus there are two conflicting definitions of when an epoch ends. In the case of
_getCurrentEpochId, it is when_promotion.epochDurationseconds elapse. In the case of_calculateRewardAmount, it is when more than_calculateRewardAmountseconds elapse. This only makes a difference in one exact second, but it is best to be consistent.Proof of Concept
See
_getCurrentEpochIdhere: https://github.com/pooltogether/v4-periphery/blob/b520faea26bcf60371012f6cb246aa149abd3c7d/contracts/TwabRewards.sol#L276See
_calculateRewardAmounthere: https://github.com/pooltogether/v4-periphery/blob/b520faea26bcf60371012f6cb246aa149abd3c7d/contracts/TwabRewards.sol#L289Tools Used
Inspection
Recommended Mitigation Steps
Change
to
in
_calculateRewardAmount.