Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/token/InfinityToken.sol#L60-L82
Epochs may effectively start later than they are planned.
If advanceEpoch() was invoked at a different time than the epoch start, following code will renew the current epoch counter:
advanceEpoch()
previousEpochTimestamp = block.timestamp;
While this should be:
previousEpochTimestamp += epochsPassedSinceLastAdvance * getEpochDuration();
It is also recommended to use cached values in the above code, against what's shown for clarity.
Manual analysis
That may be a nice improvement, so that epochs are more predictable. Lowering risk and merging with the warden's QA report https://github.com/code-423n4/2022-06-infinity-findings/issues/285
Lines of code
https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/token/InfinityToken.sol#L60-L82
Vulnerability details
Impact
Epochs may effectively start later than they are planned.
Proof of Concept
If
advanceEpoch()
was invoked at a different time than the epoch start, following code will renew the current epoch counter:While this should be:
It is also recommended to use cached values in the above code, against what's shown for clarity.
Tools Used
Manual analysis