c4-sponsor
commented
1 year ago RedVeil marked the issue as disagree with severity
Open code423n4 opened 1 year ago
c4-sponsor
commented
1 year ago RedVeil marked the issue as disagree with severity
c4-sponsor
commented
1 year ago RedVeil marked the issue as sponsor disputed
c4-judge
commented
1 year ago dmvt changed the severity to QA (Quality Assurance)
c4-judge
commented
1 year ago dmvt marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-01-popcorn/blob/d95fc31449c260901811196d617366d6352258cd/src/vault/Vault.sol#L35
Vulnerability details
Impact
Detailed description of the impact of this finding.
There is an incorrect value of the constant SECONDS_PER_YEAR, which should be in seconds not days
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
https://github.com/code-423n4/2023-01-popcorn/blob/d95fc31449c260901811196d617366d6352258cd/src/vault/Vault.sol#L35
Tools Used
Manual Review
Recommended Mitigation Steps
This should be changed to uint256 constant SECONDS_PER_YEAR = 31557600;