code-423n4 / 2023-03-mute-findings


Upgraded Q -> 2 from #17 [1680620822176] #48

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #17 as 2 risk. The relevant finding follows:

[L-10] It is possible in theory that stakes get locked due to call to LockTo with very small reward amount

I pointed out and explained in my report #7 ("MuteBond.sol: deposit function reverts if remaining payout is very small due to >0 check in dMute.LockTo function") how the MuteBond.LockTo function reverts when it is called with an amount <= 52 Wei.

While in the MuteBond contract an attacker can actively make this situation occur and cause a temporary DOS, this is not possible in the MuteAmplifier contract.

The MuteAmplifier contract makes two calls to MuteBond.LockTo:

```solidity
if (reward > 0) {
    uint256 week_time = 60 * 60 * 24 * 7;
    IDMute(dToken).LockTo(reward, week_time, msg.sender);

    userClaimedRewards[msg.sender] = userClaimedRewards[msg.sender].add(
        reward
    );
    totalClaimedRewards = totalClaimedRewards.add(reward);

    emit Payout(msg.sender, reward, remainder);
}
```

```solidity
if (reward > 0) {
    uint256 week_time = 1 weeks;
    IDMute(dToken).LockTo(reward, week_time, msg.sender);

    userClaimedRewards[msg.sender] = userClaimedRewards[msg.sender].add(
        reward
    );
    totalClaimedRewards = totalClaimedRewards.add(reward);
}
```

In theory there exists the possibility that the rewards that are paid out to a user are > 0 Wei and <= 52 Wei.

If at the endTime this is the case, the rewards will not increase anymore, making it impossible for the staker to withdraw his staked funds, which results in a complete loss of funds.

However with any reasonable value of totalRewards this is not going to occur. Actually it's a real challenge to make the contract output a reward of > 0 Wei and <= 52 Wei.

It might be beneficial to implement the following changes just to be safe:

diff --git a/contracts/amplifier/MuteAmplifier.sol b/contracts/amplifier/MuteAmplifier.sol index 9c6fcb5..37adc7f 100644 --- a/contracts/amplifier/MuteAmplifier.sol +++ b/contracts/amplifier/MuteAmplifier.sol @@ -242,7 +242,7 @@ contract MuteAmplifier is Ownable{ IERC20(muteToken).transfer(treasury, remainder); } // payout rewards

@@ -284,7 +284,7 @@ contract MuteAmplifier is Ownable{ IERC20(muteToken).transfer(treasury, remainder); } // payout rewards
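Review bot: the guard under `// payout rewards` is replaced separately in two places (the hunks at 242 and 284), so the two payout paths can drift apart again, as they already do in the quoted code where one uses `60 * 60 * 24 * 7` and emits `Payout` while the other uses `1 weeks` and emits nothing. Put the minimum-reward check in one internal helper or named constant used by both sites, and add a comment that the bound exists because `LockTo` reverts on very small amounts. Separately, the context line `IERC20(muteToken).transfer(treasury, remainder);` ignores the return value of `transfer` in both hunks.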
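The locking condition described in the finding, as an added Python model (not the Mute contracts and not the submitter's code). The conversion formula in `time_to_tokens` is an assumption chosen to reproduce the "<= 52 Wei" bound stated above, and `hardened_guard` is a hypothetical guard, not the patch proposed in the finding.

```python
# Added model. ASSUMPTION: minted = amount * (lock_time * 1e18 / 52 weeks) / 1e18
# with integer division, which reproduces the page's "<= 52 Wei" bound.
WEEK = 7 * 24 * 60 * 60
MAX_LOCK = 52 * WEEK
SCALE = 10**18


class Revert(Exception):
    """Stands in for a Solidity revert."""


def time_to_tokens(amount: int, lock_time: int) -> int:
    ratio = lock_time * SCALE // MAX_LOCK   # truncates, as uint256 math does
    return amount * ratio // SCALE


def lock_to(amount: int, lock_time: int) -> int:
    minted = time_to_tokens(amount, lock_time)
    if minted == 0:                         # the "> 0" check from the finding
        raise Revert("zero tokens to mint")
    return minted


def withdraw(stake: int, reward: int, guard) -> int:
    """Amplifier-style withdraw: lock the reward, then return the stake."""
    if guard(reward):
        lock_to(reward, WEEK)               # a revert here aborts the withdraw
    return stake


def original_guard(reward: int) -> bool:
    return reward > 0                       # guard quoted on the page


def hardened_guard(reward: int) -> bool:
    # Hypothetical: lock only if it would mint something; dust is skipped.
    return time_to_tokens(reward, WEEK) > 0


def stuck_rewards(guard, upto: int = 100) -> list[int]:
    """Reward values in Wei for which withdraw reverts under `guard`."""
    stuck = []
    for reward in range(upto + 1):
        try:
            withdraw(1_000, reward, guard)
        except Revert:
            stuck.append(reward)
    return stuck
```
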

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #22

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory