code-423n4 / 2022-12-tigris-findings


[NAZ-M1] Missing Checks That Could Lead To Issues #577

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/BondNFT.sol#L57

Vulnerability details

Impact

The createLock() function is used by a manager contract to create a bond. It has a counterpart function called extendLock() which is used to extend the lock period and/or amount of a bond. extendLock() has a check require(bond.period+_period <= 365, "MAX PERIOD"); which makes sure the bond doesn't go over a year. However, createLock() is missing this check and a bond could be created with a period greater than a year.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider adding require(bond.period+_period <= 365, "MAX PERIOD"); to createLock() to prevent this.

GalloDaSballo commented 1 year ago

Lock can be created to last more than a year, valid finding.

Unsure about impact

TriHaz commented 1 year ago

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Lock.sol#L66 Lock can't be created with greater than a year period.

c4-sponsor commented 1 year ago

TriHaz marked the issue as sponsor disputed

GalloDaSballo commented 1 year ago

Agree with the sponsor

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid
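
An added Solidity sketch (not code from the Tigris repository) of the two places the period cap discussed in this thread can be enforced: in the manager before it calls createLock(), and in the bond contract itself. Contract names, storage layout, the lock() entry point and the MAX_PERIOD constant are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch, not the Tigris contracts: names and storage layout are
// assumptions; the 365-day cap comes from the "MAX PERIOD" check quoted above.
contract BondSketch {
    struct Bond { address owner; uint256 amount; uint256 period; }

    uint256 public constant MAX_PERIOD = 365; // days
    address public immutable manager;
    uint256 public nextId;
    mapping(uint256 => Bond) public bonds;

    constructor(address _manager) { manager = _manager; }

    modifier onlyManager() {
        require(msg.sender == manager, "!manager");
        _;
    }

    // Callee-side check: the cap holds even if a later manager omits it.
    // A new bond has no stored period yet, so only _period is compared.
    function createLock(address _owner, uint256 _amount, uint256 _period)
        external onlyManager returns (uint256 id)
    {
        require(_period <= MAX_PERIOD, "MAX PERIOD");
        id = ++nextId;
        bonds[id] = Bond(_owner, _amount, _period);
    }

    function extendLock(uint256 _id, uint256 _amount, uint256 _period)
        external onlyManager
    {
        Bond storage bond = bonds[_id];
        require(bond.owner != address(0), "NO BOND");
        require(bond.period + _period <= MAX_PERIOD, "MAX PERIOD");
        bond.amount += _amount;
        bond.period += _period;
    }
}

// Caller-side check: the only route to createLock() validates the period first.
contract ManagerSketch {
    BondSketch public immutable bond;

    constructor() { bond = new BondSketch(address(this)); }

    function lock(uint256 _amount, uint256 _period) external returns (uint256) {
        require(_period <= bond.MAX_PERIOD(), "MAX PERIOD");
        return bond.createLock(msg.sender, _amount, _period);
    }
}
```

With only the caller-side check, the cap is an invariant of the manager rather than of the bond contract, so it has to be re-verified whenever the manager is replaced or a second entry point to createLock() is added.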