code-423n4 / 2022-06-infinity-findings


Wrong stake level calculation #285

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L226-L238 https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L205-L224

Vulnerability details

Impact

Miscalculation of stake level can impact availability of some functions of the protocol for users, change their fee discount (funds loss) or change voting power (protocol's critical functionality).

Proof of Concept

Even if the user has surpassed the threshold for a stake level, they may not be on this stake level. For example, when the user has half a token more than the threshold, getUserStakePower() will return the value rounded down and getUserStakeLevel() will see the number at threshold, claiming that the stake level is lower than it really is.

Tools Used

Manual analysis

Recommended Mitigation Steps

Either use getUserStakeLevel() with raw amount of tokens (token wei) or claim that the user achieved the threshold when they have at least the THRESHOLD_AMOUNT, causing the rounding not to change the result.
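The rounding discrepancy described in this finding, modelled as an added Python example (not code from the Infinity contracts). The threshold values, the `>`-style level comparison and the function names are assumptions used to reproduce the reported behaviour; the block contrasts the rounded-power computation with the two mitigations proposed above, comparing the raw wei balance against the threshold in wei, or treating a user who holds at least the threshold amount as having reached the level.

```python
from enum import IntEnum

WEI_PER_TOKEN = 10**18  # 18-decimal token, as with most ERC-20 tokens

# Constructed thresholds in whole tokens; placeholders, not the project's values.
BRONZE, SILVER, GOLD, PLATINUM = 1_000, 5_000, 10_000, 20_000


class StakeLevel(IntEnum):
    NONE = 0
    BRONZE = 1
    SILVER = 2
    GOLD = 3
    PLATINUM = 4


# Checked highest level first, so the first threshold that is met wins.
LEVEL_THRESHOLDS = [
    (PLATINUM, StakeLevel.PLATINUM),
    (GOLD, StakeLevel.GOLD),
    (SILVER, StakeLevel.SILVER),
    (BRONZE, StakeLevel.BRONZE),
]


def user_stake_power(amount_wei: int) -> int:
    """Stake power in whole tokens, rounded down (models getUserStakePower())."""
    return amount_wei // WEI_PER_TOKEN


def stake_level_rounded(amount_wei: int) -> StakeLevel:
    """Level derived from the rounded power with a strict '>' comparison.

    Modelled form of the reported behaviour: the fractional part of the balance is
    discarded before the comparison, so a user holding threshold + 0.5 tokens is
    placed below the level they have actually surpassed.
    """
    power = user_stake_power(amount_wei)
    for threshold, level in LEVEL_THRESHOLDS:
        if power > threshold:
            return level
    return StakeLevel.NONE


def stake_level_raw_wei(amount_wei: int) -> StakeLevel:
    """Mitigation 1: compare the raw wei balance with the threshold expressed in wei."""
    for threshold, level in LEVEL_THRESHOLDS:
        if amount_wei > threshold * WEI_PER_TOKEN:
            return level
    return StakeLevel.NONE


def stake_level_at_least(amount_wei: int) -> StakeLevel:
    """Mitigation 2: keep the rounded power but count the level as reached at '>='."""
    power = user_stake_power(amount_wei)
    for threshold, level in LEVEL_THRESHOLDS:
        if power >= threshold:
            return level
    return StakeLevel.NONE


def find_discrepancies(amounts_wei):
    """Return the balances where the rounded and raw-wei computations disagree."""
    return [a for a in amounts_wei if stake_level_rounded(a) != stake_level_raw_wei(a)]


if __name__ == "__main__":
    half_token = WEI_PER_TOKEN // 2
    # Constructed sample balances around the bronze threshold.
    samples = [
        BRONZE * WEI_PER_TOKEN - 1,           # just below the threshold
        BRONZE * WEI_PER_TOKEN,               # exactly at the threshold
        BRONZE * WEI_PER_TOKEN + half_token,  # half a token above the threshold
        (BRONZE + 1) * WEI_PER_TOKEN,         # one whole token above
    ]
    for amount in samples:
        print(
            f"{amount / WEI_PER_TOKEN:>8.1f} tokens: rounded={stake_level_rounded(amount).name:<8} "
            f"raw_wei={stake_level_raw_wei(amount).name:<8} at_least={stake_level_at_least(amount).name}"
        )
    print("disagreeing balances:", [a / WEI_PER_TOKEN for a in find_discrepancies(samples)])
```

Running the block shows the single disagreeing balance at 1000.5 tokens: the rounded computation reports NONE while the raw-wei comparison reports BRONZE. The two mitigations differ only at the exact threshold (1000.0 tokens), where the raw-wei `>` form still reports NONE and the `>=` form reports BRONZE; whichever the protocol picks, the level a user is assigned then agrees with the threshold they are told they need, and the fee-discount and voting-power checks that depend on it no longer drift by one level for fractional balances.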

nneverlander commented 2 years ago

Not sure if this is a high vuln. Closing as low.

HardlyDifficult commented 2 years ago

Potentially an off by 1 error due to rounding. This is a fair improvement consideration. Lowering risk and converting this into a QA report for the warden.

HardlyDifficult commented 2 years ago

Merging with https://github.com/code-423n4/2022-06-infinity-findings/issues/288 and https://github.com/code-423n4/2022-06-infinity-findings/issues/292 and https://github.com/code-423n4/2022-06-infinity-findings/issues/295