Expired locks can still increase their unlock time and the new unlock_time does not factor in the duration the lock was inactive
Proof of Concept
Users can increase their unlock time via the increaseUnlockTime() function. In increaseUnlockTime(), there is no general check that the lock has not yet expired, i.e. that locked_.end > block.timestamp. This check only occurs when locked_.delegatee == msg.sender.
Alice locks 1000 tokens in the contract for 1 week.
Alice then delegates her locks to Bob.
After 3 weeks, Alice's locks are expired.
In week 4, Alice increases her locks, such that her locked_.end += 5 weeks.
The contract still extends her lock's end without deducting the 3 weeks during which the locks were expired.
Tools Used
Manual Review
Recommended Mitigation Steps
Prohibit users from increasing their lock duration when the locks are already expired.
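The recommended check next to the pattern the report describes, as an added example that is not the project's code. It is a simplified Solidity sketch: the contract name, function names, parameters and the createLock helper are assumptions, and only the locked_.end and locked_.delegatee fields come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified sketch, not the VotingEscrow contract: it keeps only the
// fields the report mentions (end, delegatee) plus an amount. Checkpoints,
// token transfers and delegation bookkeeping are left out.
contract LockSketch {
    struct LockedBalance {
        uint256 amount;
        uint256 end;
        address delegatee;
    }

    mapping(address => LockedBalance) public locked;

    // Hypothetical setup helper: records a lock without moving tokens.
    function createLock(uint256 amount, uint256 end, address delegatee) external {
        require(amount > 0, "Zero amount");
        require(end > block.timestamp, "End in past");
        locked[msg.sender] = LockedBalance(amount, end, delegatee);
    }

    // Pattern described in the report: expiry is checked only on the
    // undelegated branch, so a delegated, expired lock can still be extended.
    function increaseUnlockTimeAsReported(uint256 newEnd) external {
        LockedBalance storage l = locked[msg.sender];
        require(l.amount > 0, "No lock");
        require(newEnd > l.end, "Only increase lock end");
        if (l.delegatee == msg.sender) {
            require(l.end > block.timestamp, "Lock expired");
        }
        l.end = newEnd;
    }

    // Recommended mitigation: reject expired locks regardless of delegatee.
    function increaseUnlockTimeChecked(uint256 newEnd) external {
        LockedBalance storage l = locked[msg.sender];
        require(l.amount > 0, "No lock");
        require(l.end > block.timestamp, "Lock expired");
        require(newEnd > l.end, "Only increase lock end");
        l.end = newEnd;
    }
}
```

With Alice's lock delegated to Bob and already past its end, the first function accepts the extension while the second reverts with "Lock expired".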
Lines of code
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L493-L523