Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VoterProxy.sol#:~:text=%7D-,function%20setOwner(address%20_owner)%20external%20%7B,%7D,-function%20deposit(
The if statement of the deposit function will never add incentive tokens because you calling _lockVeAsset which will always set incentiveVeAsset is set to 0.
deposit
_lockVeAsset
https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VeAssetDepositor.sol#:~:text=sender%2C%20incentiveVeAsset)%3B-,incentiveVeAsset%20%3D%200%3B,-%7D
https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VeAssetDepositor.sol#:~:text=%2C%20staker%2C%20_amount)%3B-,_lockVeAsset()%3B,if%20(incentiveVeAsset%20%3E%200)%20%7B,-//add%20the%20incentive
Manuel Review
Duplicate of #62
Disputed, the counter increases as other people deposit: https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VeAssetDepositor.sol#L151
Lines of code
https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VoterProxy.sol#:~:text=%7D-,function%20setOwner(address%20_owner)%20external%20%7B,%7D,-function%20deposit(
Vulnerability details
Impact
The if statement of the
deposit
function will never add incentive tokens because you calling_lockVeAsset
which will always set incentiveVeAsset is set to 0.Proof of Concept
https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VeAssetDepositor.sol#:~:text=sender%2C%20incentiveVeAsset)%3B-,incentiveVeAsset%20%3D%200%3B,-%7D
https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VeAssetDepositor.sol#:~:text=%2C%20staker%2C%20_amount)%3B-,_lockVeAsset()%3B,if%20(incentiveVeAsset%20%3E%200)%20%7B,-//add%20the%20incentive
Tools Used
Manuel Review