code-423n4 / 2022-06-infinity-findings

Having one of the `*_MONTH_PENALTY` equal to zero will make the `rageQuit` function revert #238

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L195-L198
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L369-L371

Vulnerability details

Impact

The `rageQuit` function calls `getRageQuitAmounts` to know the amount of penalties that will go to the Treasury.

To do that, for each different vested period amount it will divide that value by the corresponding month penalty.

If one of those penalties is equal to zero, the function (and so also `rageQuit`) will revert because of `Division or modulo by 0`.

If `rageQuit` reverts, it means that users cannot unstake the vested tokens and need to wait for the whole vest time.

Proof of Concept

Tools Used

Manual review

Recommended Mitigation Steps

Add a check in `updatePenalties` that all the penalties are not equal to 0.
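
The recommended check, shown as an added example that is not part of the original report and is not the InfinityStaker source. It is a simplified model: the contract name, the individual penalty variable names and defaults, the owner check, the custom errors and the parameter lists are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration (assumed names, simplified model): penalties are used
// as divisors on the exit path, so a zero value must be rejected when set.
contract PenaltyDivisorModel {
    address public immutable owner;

    // Constructed default divisors, one per lock duration.
    uint16 public THREE_MONTH_PENALTY = 2;
    uint16 public SIX_MONTH_PENALTY = 3;
    uint16 public TWELVE_MONTH_PENALTY = 4;

    error NotOwner();
    error ZeroPenalty();

    constructor() {
        owner = msg.sender;
    }

    // Hardened setter: a zero divisor is refused at configuration time, so
    // the calculation below can never hit a division-by-zero panic.
    function updatePenalties(uint16 three, uint16 six, uint16 twelve) external {
        if (msg.sender != owner) revert NotOwner();
        if (three == 0 || six == 0 || twelve == 0) revert ZeroPenalty();
        THREE_MONTH_PENALTY = three;
        SIX_MONTH_PENALTY = six;
        TWELVE_MONTH_PENALTY = twelve;
    }

    // Model of the split: each locked bucket is divided by its penalty.
    // With Solidity >= 0.8, a zero divisor here reverts with Panic(0x12),
    // which would also revert any caller such as rageQuit.
    function getRageQuitAmounts(
        uint256 noLock,
        uint256 threeMonth,
        uint256 sixMonth,
        uint256 twelveMonth
    ) public view returns (uint256 toUser, uint256 penalty) {
        uint256 total = noLock + threeMonth + sixMonth + twelveMonth;
        toUser = noLock
            + threeMonth / THREE_MONTH_PENALTY
            + sixMonth / SIX_MONTH_PENALTY
            + twelveMonth / TWELVE_MONTH_PENALTY;
        penalty = total - toUser;
    }
}
```

Without the `ZeroPenalty` guard, a single zero passed to the setter leaves the model's `getRageQuitAmounts` reverting for every caller until the value is changed again.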

HardlyDifficult commented 2 years ago

Fair consideration. Lowering risk and merging with the warden's QA report #239