Closed code423n4 closed 2 years ago
Lines of code

https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/farming/LPFarming.sol#L149
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/farming/LPFarming.sol#L308

Vulnerability details

Impact

Setting the LPFarming pool `allocPoint` to a large value may cause `_updatePool` to overflow, and if that were to happen then funds are unrecoverable.

Proof of Concept

Add this to the `LPFarming.ts` test suite:

```typescript
let blockNumber = await ethers.provider.getBlockNumber();
await farming.newEpoch(blockNumber + 1, blockNumber + 100000000000000, 100);
await jpeg.transfer(contract.address, await jpeg.balanceOf(owner.address));

// Add a pool with a very large allocation
await farming.add(ethers.constants.MaxInt256.div(100000), lpTokens[0].address);

await lpTokens[0].transfer(alice.address, units(1000));
await lpTokens[0].transfer(bob.address, units(1000));
await lpTokens[0].approve(farming.address, units(10000));
await lpTokens[0].connect(alice).approve(farming.address, units(1000));
await lpTokens[0].connect(bob).approve(farming.address, units(1000));

// Pool accepts deposits
await farming.deposit(0, units(100));
await mineBlocks(1000);

// However claim reverts!
await farming.claim(0);

// Attempting to withdraw will revert as well
await farming.withdraw(0, units(100));
```

Tools Used

Added a test to the current test suite.

Recommended Mitigation Steps

Cap `allocPoints` in `add` and `set` to a reasonable max value so that `pendingReward` and `_updatePool` cannot overflow.
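The overflow and the suggested cap, worked through as an added example that is not part of the original report or the project's code. It models checked uint256 multiplication with BigInt; the shape of the reward formula and the 1e36 precision factor are assumptions, and all function names are hypothetical.

```javascript
// Added example: checked uint256 arithmetic modelled with BigInt.
const UINT256_MAX = 2n ** 256n - 1n;
// ASSUMPTION: fixed-point scaling applied before dividing by the total allocation.
const PRECISION = 10n ** 36n;

// Multiply the way checked uint256 arithmetic does: fail instead of wrapping.
function checkedMul(a, b) {
  const product = a * b;
  if (product > UINT256_MAX) throw new RangeError("uint256 overflow");
  return product;
}

// ASSUMED reward shape (hypothetical, not copied from LPFarming.sol):
//   elapsed * rewardPerBlock * PRECISION * allocPoint / totalAllocPoint
// The division comes last, so it cannot rescue an oversized numerator.
function poolReward({ elapsedBlocks, rewardPerBlock, allocPoint, totalAllocPoint }) {
  let acc = checkedMul(elapsedBlocks, rewardPerBlock);
  acc = checkedMul(acc, PRECISION);
  acc = checkedMul(acc, allocPoint);
  return acc / totalAllocPoint;
}

// True when accrual would revert, which is what blocks claim and withdraw.
function accrualOverflows(params) {
  try { poolReward(params); return false; }
  catch (e) { if (e instanceof RangeError) return true; throw e; }
}

// Largest allocPoint that cannot overflow for the given worst-case inputs;
// this is the bound an add/set check would enforce.
function maxSafeAllocPoint({ maxElapsedBlocks, maxRewardPerBlock }) {
  return UINT256_MAX / (maxElapsedBlocks * maxRewardPerBlock * PRECISION);
}

// Values taken from the proof of concept above.
const POC_ALLOC_POINT = (2n ** 255n - 1n) / 100000n; // MaxInt256.div(100000)
const pocOverflows = accrualOverflows({
  elapsedBlocks: 1000n, rewardPerBlock: 100n,
  allocPoint: POC_ALLOC_POINT, totalAllocPoint: POC_ALLOC_POINT,
});
// Worst case for that epoch: 100000000000000 blocks at 100 per block.
const cap = maxSafeAllocPoint({ maxElapsedBlocks: 100000000000000n, maxRewardPerBlock: 100n });

console.log("PoC allocPoint overflows:", pocOverflows);
console.log("largest safe allocPoint :", cap.toString());
```

Under these assumptions the cap depends on the longest epoch and highest reward rate the owner may configure, so those two values need their own bounds for the allocation cap to hold.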
Duplicate of #58
As described in #58, even if this did occur, it could be immediately corrected. Invalid.