code-423n4 / 2022-08-fiatdao-findings


users could increase the unlock time as they want #243

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-08-fiatdao/blob/main/contracts/VotingEscrow.sol#L493-L508

Vulnerability details

Impact

Users can call increaseUnlockTime() every week and increase the unlock time to keep it always at 365 days, and this will impact the user's voting power.

Proof of Concept

The user will call increaseUnlockTime() and pass block.timestamp + MAXTIME as the param.

Recommended Mitigation Steps

Add a minimum time before the user will be able to increaseUnlockTime()

lacoop6tu commented 2 years ago

This is an expected behaviour

gititGoro commented 2 years ago

The floorToWeek adjustment protects against any griefing behaviour. It's unclear that a base user increasing their lock indefinitely is harmful to the protocol. Marking invalid.
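
The behaviour discussed in this thread, as an added Python model that is not part of the issue and is not the VotingEscrow contract's code. It assumes voting power decays linearly to zero at the lock end, that an extension must move the week-floored end strictly forward, and that the end may not exceed now + MAXTIME; `START`, the `Lock` class and the error strings are constructed for illustration.

```python
WEEK = 7 * 24 * 3600
MAXTIME = 365 * 24 * 3600      # the 365-day cap named in the issue
START = 2745 * WEEK            # constructed, week-aligned timestamp


def floor_to_week(t):
    """Round a timestamp down to the start of its week."""
    return (t // WEEK) * WEEK


class Lock:
    """Hypothetical stand-in for one user's lock (assumed semantics)."""

    def __init__(self, now, amount):
        self.amount = amount
        self.end = floor_to_week(now + MAXTIME)

    def increase_unlock_time(self, now, unlock_time):
        new_end = floor_to_week(unlock_time)
        if new_end <= self.end:            # assumed check: must move forward
            raise ValueError("Only increase lock end")
        if new_end > now + MAXTIME:        # assumed check: capped at MAXTIME
            raise ValueError("Exceeds maxtime")
        self.end = new_end

    def voting_power(self, now):
        # Assumed linear decay: full weight only with MAXTIME remaining.
        return self.amount * max(self.end - now, 0) // MAXTIME


def simulate(weeks, amount=1000):
    """Compare a user who re-locks every week with one who never does."""
    relocker, passive = Lock(START, amount), Lock(START, amount)
    now = START
    for k in range(1, weeks + 1):
        now = START + k * WEEK
        relocker.increase_unlock_time(now, now + MAXTIME)
    return relocker.voting_power(now), passive.voting_power(now)


if __name__ == "__main__":
    print(simulate(26))
```

Under these assumptions the weekly re-locker never exceeds the power of a fresh maximum-length lock, and a second extension shortly after the first in the same week is rejected because flooring yields the same end.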