The users can call increaseUnlockTime() every week and increase the unlock time to keep it always 365 days and this is will impact for the user's voting power
Proof of Concept
The user will call increaseUnlockTime() and passe block.timestamp + MAXTIME as param
Recommended Mitigation Steps
Add a minimum time before the user will be able to increaseUnlockTime()
The floorToWeek adjustment protects any griefing behaviour. It's unclear that a base user increasing their lock indefinitely is harmful to the protocol. Marking invalid.
Lines of code
https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L493-L508
Vulnerability details
Impact
The users can call
increaseUnlockTime()
every week and increase the unlock time to keep it always365 days
and this is will impact for the user's voting powerProof of Concept
The user will call
increaseUnlockTime()
and passeblock.timestamp + MAXTIME
as paramRecommended Mitigation Steps
Add a minimum time before the user will be able to
increaseUnlockTime()