But there is no guarantee that the vested amount of the new vestingDistributor is greater than the previously saved amount after changing the distributor.
Furthermore, there is no way to change previouslyVested other than through this declareReward() function, so it will keep reverting unless the admin changes the distributor back.
Tools Used
Manual Review
Recommended Mitigation Steps
I think it would resolve the above problem if we change the previous amounts as well while updating the distributor.
    function setVestingDistributor(address _vestingDistributor, uint _previouslyVested, uint _previouslyVestedTimestamp)
        external
        onlyRoleMalt(ADMIN_ROLE, "Must have admin privs")
    {
        require(_vestingDistributor != address(0), "SetVestDist: No addr(0)");
        vestingDistributor = IVestingDistributor(_vestingDistributor);
        // Reset the saved baseline together with the distributor address.
        previouslyVested = _previouslyVested;
        previouslyVestedTimestamp = _previouslyVestedTimestamp;
    }
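The revert and the mitigation above, as a self-contained model added here for illustration (not the Malt contract code). It assumes Solidity 0.8 checked arithmetic; MockVesting, LinearDistributorModel, Demo and the getter name getCurrentlyVested() are hypothetical, access control is omitted, and the two require checks go beyond what the report proposes.

```solidity
pragma solidity ^0.8.0;

// Added model, not the Malt code. getCurrentlyVested() is an assumed name.
contract MockVesting {
    uint256 public vested;
    constructor(uint256 _vested) { vested = _vested; }
    function getCurrentlyVested() external view returns (uint256) { return vested; }
}

contract LinearDistributorModel {
    MockVesting public vestingDistributor;
    uint256 public previouslyVested;
    uint256 public previouslyVestedTimestamp;

    constructor(MockVesting _dist) {
        vestingDistributor = _dist;
        previouslyVestedTimestamp = block.timestamp;
    }
    // Net values are computed by subtracting the saved baseline.
    function declareReward() external returns (uint256 netVest, uint256 netTime) {
        uint256 current = vestingDistributor.getCurrentlyVested();
        netVest = current - previouslyVested; // Panic(0x11) when current < baseline
        netTime = block.timestamp - previouslyVestedTimestamp;
        previouslyVested = current;
        previouslyVestedTimestamp = block.timestamp;
    }
    // Before: the address changes, the stale baseline stays.
    function setVestingDistributor(MockVesting _dist) external {
        vestingDistributor = _dist;
    }
    // After: baseline reset with the address. The require checks are an
    // addition here so a mistyped baseline cannot recreate the underflow.
    function setVestingDistributor(MockVesting _dist, uint256 _vested, uint256 _ts) external {
        require(_vested <= _dist.getCurrentlyVested(), "baseline > vested");
        require(_ts <= block.timestamp, "baseline in future");
        vestingDistributor = _dist;
        previouslyVested = _vested;
        previouslyVestedTimestamp = _ts;
    }
}

contract Demo {
    function run() external returns (bool stuckBefore, bool okAfter) {
        LinearDistributorModel d = new LinearDistributorModel(new MockVesting(1000));
        d.declareReward(); // baseline becomes 1000
        MockVesting fresh = new MockVesting(10); // constructed: new distributor vested less
        d.setVestingDistributor(fresh);
        try d.declareReward() returns (uint256, uint256) {} catch { stuckBefore = true; }
        d.setVestingDistributor(fresh, 10, block.timestamp);
        (uint256 netVest, ) = d.declareReward();
        okAfter = netVest == 0;
    }
}
```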
Lines of code
https://github.com/code-423n4/2023-02-malt/blob/main/contracts/RewardSystem/LinearDistributor.sol#L114
https://github.com/code-423n4/2023-02-malt/blob/main/contracts/RewardSystem/LinearDistributor.sol#L227
Vulnerability details
Impact
LinearDistributor.declareReward() might revert after changing vestingDistributor due to uint underflow.
Proof of Concept
In LinearDistributor.sol, there is a setVestingDistributor() function to update vestingDistributor.
And in declareReward(), it calculates the netVest and netTime by subtracting the previous amount and time.