Detailed description of the impact of this finding.
I noticed that the stake amount change in stake() is +=, which means that the project itself defaults to adding positions at the same duration, but the timestamp of the duration is overwritten by = directly!
e.g. Alice selected THREE_MONTHS for staking, and after some time Alice want to continue to add positions to THREE_MONTHS pledge, but the time is overwritten to the time of this position addition, which is extremely unreasonable, the correct timestamp calculation should start from position creation, so I think we should add a conditional judgment of position addition time here. For example, if the position is opened within a week, the timestamp of the original opening time will remain unchanged!
When unstake() is called to cancel a pledge, the timestamp is overwritten causing an abnormal delay in Alice's pledge unlock time. This is extremely unfair to the user, so I consider this a High-level issue.
function getVestedAmount(address user, Duration duration) public view returns (uint256) {
uint256 amount = userstakedAmounts[user][duration].amount;
uint256 timestamp = userstakedAmounts[user][duration].timestamp;
// short circuit if no vesting for this duration
if (timestamp == 0) {
return 0;
}
uint256 durationInSeconds = _getDurationInSeconds(duration);
uint256 secondsSinceStake = block.timestamp - timestamp;
return secondsSinceStake >= durationInSeconds ? amount : 0;
}
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
Tools Used
Recommended Mitigation Steps
Changed to the timestamp will not change if the position is added within a period of time (weeks).
Lines of code
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L72 https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L262 https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L268
Vulnerability details
Impact
Detailed description of the impact of this finding.
I noticed that the stake amount change in stake() is
+=
, which means that the project itself defaults to adding positions at the same duration, but the timestamp of the duration is overwritten by=
directly!e.g. Alice selected
THREE_MONTHS
for staking, and after some time Alice want to continue to add positions toTHREE_MONTHS
pledge, but the time is overwritten to the time of this position addition, which is extremely unreasonable, the correct timestamp calculation should start from position creation, so I think we should add a conditional judgment of position addition time here. For example, if the position is opened within a week, the timestamp of the original opening time will remain unchanged!When unstake() is called to cancel a pledge, the timestamp is overwritten causing an abnormal delay in Alice's pledge unlock time. This is extremely unfair to the user, so I consider this a High-level issue.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
Tools Used
Recommended Mitigation Steps
Changed to the timestamp will not change if the position is added within a period of time (weeks).