code-423n4 / 2022-06-nibbl-findings


Upgraded Q -> M from 139 [1656985204675] #324

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Judge has assessed an item in Issue #139 as Medium risk. The relevant finding follows:

1. Buyouts that occur during the timestamp wrap will have valuation errors

The _blockTimestamp has a modulo applied, so at some point, there will be a timestamp with a value close to 2^32, followed by a timestamp close to zero. The _updateTWAV function does an unchecked subtraction of the two timestamps, so this will lead to an underflow, making the valuation based on a long time period rather than the actual one. Until more TWAV entries are added, valuations will be wrong.

There is 1 instance of this issue:

File: contracts/NibblVault.sol   #1

303              uint32 _blockTimestamp = uint32(block.timestamp % 2**32);
304              if (_blockTimestamp != lastBlockTimeStamp) {
305:                 _updateTWAV(getCurrentValuation(), _blockTimestamp);   

https://github.com/code-423n4/2022-06-nibbl/blob/8c3dbd6adf350f35c58b31723d42117765644110/contracts/NibblVault.sol#L303-L305
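
An added example, not part of the original issue or of the NibblVault code: a Python model of the truncated timestamp from the quoted lines, used to check how the elapsed time across the 2^32 wrap depends on the width in which the subtraction is carried out. The body of `_updateTWAV` is not shown on this page, so both subtraction variants, all function names and the sample data are assumptions constructed for illustration.

```python
# Added illustration, not NibblVault code: elapsed time between truncated
# uint32 timestamps on either side of the 2**32 wrap.
MOD = 2**32

def truncate(ts):
    """Same truncation as `uint32(block.timestamp % 2**32)` in the quoted lines."""
    return ts % MOD

def elapsed_wrapping(now32, last32):
    """Assumed variant: unchecked subtraction carried out in 32 bits."""
    return (now32 - last32) % MOD

def elapsed_widened(now32, last32, bits=256):
    """Hypothetical variant: operands widened to `bits` before subtracting."""
    return (now32 - last32) % (2**bits)

def accumulate(samples, elapsed):
    """Cumulative valuation over [(full_timestamp, valuation), ...] samples."""
    last32, cumulative = truncate(samples[0][0]), 0
    for ts, valuation in samples[1:]:
        now32 = truncate(ts)
        cumulative += valuation * elapsed(now32, last32)
        last32 = now32
    return cumulative

def mismatched_steps(samples, elapsed):
    """Indices of samples whose computed elapsed time differs from the true one."""
    bad = []
    for i in range(1, len(samples)):
        true_dt = samples[i][0] - samples[i - 1][0]
        got = elapsed(truncate(samples[i][0]), truncate(samples[i - 1][0]))
        if got != true_dt:
            bad.append(i)
    return bad

def reference_twav(samples):
    """Ground truth computed from the untruncated timestamps."""
    total = sum(samples[i][1] * (samples[i][0] - samples[i - 1][0])
                for i in range(1, len(samples)))
    return total // (samples[-1][0] - samples[0][0])

# Constructed samples: 12-second spacing, valuations 1000..1250, straddling 2**32.
SAMPLES = [(MOD - 30 + 12 * i, 1000 + 50 * i) for i in range(6)]
# Constructed gap longer than 2**32 seconds, which 32-bit arithmetic cannot represent.
LONG_GAP = [(100, 1000), (100 + MOD + 12, 1000)]
```
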

HardlyDifficult commented 2 years ago

Dupe https://github.com/code-423n4/2022-06-nibbl-findings/issues/178