code-423n4 / 2021-12-pooltogether-findings


`createPromotion()` Consider adding `require(_tokensPerEpoch > 0)` #94

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

https://github.com/pooltogether/v4-periphery/blob/0e94c54774a6fce29daf9cb23353208f80de63eb/contracts/TwabRewards.sol#L88-L116

```solidity
function createPromotion(
    address _ticket,
    IERC20 _token,
    uint216 _tokensPerEpoch,
    uint32 _startTimestamp,
    uint32 _epochDuration,
    uint8 _numberOfEpochs
) external override returns (uint256) {
    _requireTicket(_ticket);

    // No check on _tokensPerEpoch here: a value of 0 is accepted as-is.
    uint256 _nextPromotionId = _latestPromotionId + 1;
    _latestPromotionId = _nextPromotionId;

    // _tokensPerEpoch is stored once and cannot be updated afterwards.
    _promotions[_nextPromotionId] = Promotion(
        msg.sender,
        _ticket,
        _token,
        _tokensPerEpoch,
        _startTimestamp,
        _epochDuration,
        _numberOfEpochs
    );

    // With _tokensPerEpoch == 0 the total transferred is 0, so the promotion is funded with nothing.
    _token.safeTransferFrom(msg.sender, address(this), _tokensPerEpoch * _numberOfEpochs);

    emit PromotionCreated(_nextPromotionId);

    return _nextPromotionId;
}
```

In the current implementation of createPromotion(), _tokensPerEpoch is allowed to be 0, and it's not changeable after creation. As a result, the promotion will never be claimable.

Thus, adding a promotion with `_tokensPerEpoch = 0` is a total waste of gas, both for the creator and for users who try to claim it.

We suggest adding a requirement of _tokensPerEpoch > 0 to avoid wasting gas for adding and claiming promotions with 0 rewards.
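The guarded variant of `createPromotion()` that the finding asks for, as an added example that is neither WatchPug's nor the PoolTogether project's code. It is a stand-alone stub: the `IERC20` interface, the `Promotion` struct layout, the `_requireTicket()` body and the revert string `"TwabRewards/tokens-not-zero"` are all assumptions made so the snippet compiles on its own, and a plain `transferFrom` with a return-value check stands in for the `SafeERC20.safeTransferFrom` used in `TwabRewards.sol`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface for this example (assumption: the real contract uses
// OpenZeppelin's IERC20 and SafeERC20; this stand-in returns the bool directly).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract TwabRewardsGuardExample {
    // Field order mirrors the positional Promotion(...) construction in the original call.
    struct Promotion {
        address creator;
        address ticket;
        IERC20 token;
        uint216 tokensPerEpoch;
        uint32 startTimestamp;
        uint32 epochDuration;
        uint8 numberOfEpochs;
    }

    uint256 internal _latestPromotionId;
    mapping(uint256 => Promotion) internal _promotions;

    event PromotionCreated(uint256 indexed promotionId);

    // Placeholder for the real _requireTicket(); the actual validation lives in TwabRewards.sol.
    function _requireTicket(address _ticket) internal pure {
        require(_ticket != address(0), "TwabRewards/ticket-not-zero-address");
    }

    function createPromotion(
        address _ticket,
        IERC20 _token,
        uint216 _tokensPerEpoch,
        uint32 _startTimestamp,
        uint32 _epochDuration,
        uint8 _numberOfEpochs
    ) external returns (uint256) {
        _requireTicket(_ticket);

        // The guard proposed in the finding: a promotion with zero tokens per epoch can
        // never pay out and the value cannot be changed later, so reject it up front
        // instead of letting the creator and later claimers spend gas on it.
        // (Revert string is a constructed example, not the project's.)
        require(_tokensPerEpoch > 0, "TwabRewards/tokens-not-zero");

        uint256 _nextPromotionId = _latestPromotionId + 1;
        _latestPromotionId = _nextPromotionId;

        _promotions[_nextPromotionId] = Promotion(
            msg.sender,
            _ticket,
            _token,
            _tokensPerEpoch,
            _startTimestamp,
            _epochDuration,
            _numberOfEpochs
        );

        // Solidity >=0.8 reverts on overflow, so the funding amount is checked arithmetic.
        uint256 _totalTokens = uint256(_tokensPerEpoch) * _numberOfEpochs;
        bool ok = _token.transferFrom(msg.sender, address(this), _totalTokens);
        require(ok, "TwabRewards/transfer-failed");

        emit PromotionCreated(_nextPromotionId);

        return _nextPromotionId;
    }
}
```

The only behavioural difference from the excerpt above is the single `require` on `_tokensPerEpoch`; a call with `_tokensPerEpoch == 0` now reverts before any storage write or token transfer, so the creator pays only for the failed call rather than for a permanently unclaimable promotion.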

PierrickGT commented 2 years ago

Duplicate of https://github.com/code-423n4/2021-12-pooltogether-findings/issues/29