code-423n4 / 2022-06-infinity-findings


``rageQuit`` function can be called when ``totalStaked`` is 0 #315

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L193

Vulnerability details

Impact

Users can call rageQuit when there is nothing staked.

Proof of Concept

This part checks if totalStaked is more than or equal to 0.

https://github.com/code-423n4/2022-06-infinity/blob/main/contracts/staking/InfinityStaker.sol#L193

require(totalStaked >= 0, 'nothing staked to rage quit');

totalStaked is uint256, so the require check always passes even though totalStaked is 0.

getRageQuitAmounts is used by the rageQuit function. Therefore, it is possible that users can call the rageQuit function when totalStaked is 0, which is not expected.

Tools Used

static code analysis

Recommended Mitigation Steps

Fix the condition used in the require check. If totalStaked should not be zero, it can simply be done like this:

require(totalStaked != 0, 'nothing staked to rage quit');

HardlyDifficult commented 2 years ago

Fair improvement to consider, but no harm was identified. Lowering risk and merging with the warden's QA report #327
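
A check like the one reported in this issue can be caught mechanically during review. The Python sketch below is an added example, not part of the original issue or the Infinity code base: it flags comparisons of unsigned integers against zero in a constructed Solidity snippet. Every contract and function name except `totalStaked` is hypothetical, and it uses regular expressions rather than a full Solidity parser.

```python
import re

# Constructed Solidity snippet modelled on the check quoted in the report;
# it is NOT the project's source file. Names other than totalStaked are made up.
SAMPLE = '''
contract StakerSketch {
    uint256 public totalStaked;
    int256 public delta;
    mapping(address => uint256) public balances;

    function quoteBad() external view {
        require(totalStaked >= 0, 'nothing staked to rage quit');
    }
    function quoteFixed() external view {
        require(totalStaked != 0, 'nothing staked to rage quit');
    }
    function signedOk() external view {
        require(delta >= 0, 'negative delta');
    }
    function neverTrue(uint64 amount) external pure {
        if (amount < 0) { revert(); }
    }
}
'''

# Unsigned declarations and parameters: "uint256 public totalStaked", "uint64 amount"
UINT_DECL = re.compile(
    r'\buint\d*\s+(?:(?:public|private|internal|constant|immutable)\s+)*([A-Za-z_]\w*)')
# "<name> >= 0" or "<name> < 0"; "<=" and hex literals such as 0x10 do not match
CMP_ZERO = re.compile(r'\b([A-Za-z_]\w*)\s*(>=|<)\s*0\b')


def find_tautologies(source):
    """Return (line_no, name, operator, verdict) for unsigned-vs-zero comparisons."""
    unsigned = set(UINT_DECL.findall(source))
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        code = line.split('//', 1)[0]  # ignore line comments
        for name, op in CMP_ZERO.findall(code):
            if name in unsigned:  # signed variables (int256 delta) are skipped
                verdict = 'always true' if op == '>=' else 'always false'
                findings.append((no, name, op, verdict))
    return findings


if __name__ == '__main__':
    for no, name, op, verdict in find_tautologies(SAMPLE):
        print(f'line {no}: `{name} {op} 0` on an unsigned value is {verdict}')
```
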