c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #23
Closed code423n4 closed 1 year ago
c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #23
c4-judge
commented
1 year ago GalloDaSballo marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Lock.sol#L89-L91 https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Lock.sol#L103
Vulnerability details
Impact
Users depositing tig assets to the bondNFT through the Lock contract could find themselves unable to release their funds. The only explanation the user would receive is an "Arithmetic over/underflow" error. This issue greatly deteriorates the user experience and usability of the platform.
Issue arises from the Lock-extendLock function not updating the totalLocked value for that particular tig asset. source This leads to Lock-release underflowing when the user tries to release their funds after the duration of the lock has passed. source
Proof of Concept
Foundry project directory which includes the failing test: https://github.com/sha256yan/tig Failing test is located in test/Lock.t.sol permalink
Tools Used
Foundry-rs
Recommended Mitigation Steps
Remove the totalLocked mapping all-together, or keep it and update it in extendLock().