code-423n4 / 2023-05-ajna-findings

The checks in StandardFunding#_getChallengeStageEndBlock are not consistent #386

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-grants/src/grants/base/StandardFunding.sol#L245

Vulnerability details

Impact

Users that call claimDelegateReward() may get their rewards sooner, before the proposal has passed its challenge state.

Proof of Concept

This is the check in StandardFunding#executeStandard(), which checks that the distribution period and challenge period have ended before executing the proposal:

        // check that the distribution period has ended, and one week has passed to enable competing slates to be checked
        if (block.number <= _getChallengeStageEndBlock(_distributions[distributionId].endBlock)) revert ExecuteProposalInvalid();

This is the check in StandardFunding#claimDelegateReward():

        // Check if Challenge Period is still active
        if(block.number < _getChallengeStageEndBlock(currentDistribution.endBlock)) revert ChallengePeriodNotEnded();

The difference is in the <= vs < sign. Users can claim delegate rewards before the proposal has passed its challenge state.

Tools Used

Manual Review

Recommended Mitigation Steps

Change < to <= in delegateReward()

Assessed type

Invalid Validation
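The one-block gap between the two quoted checks, and a shared-helper form that keeps them in step, shown as an added example that is not part of the original report or of the Ajna code base. The contract name, the `*Gate` and `*GateFixed` functions, `_challengeStageEnded`, the body of `_getChallengeStageEndBlock` and the `CHALLENGE_LENGTH` value are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

/// Added illustration, not Ajna code: models only the two block-number gates quoted above.
contract ChallengeGateModel {
    // Assumption: constructed challenge-stage length; the real value is not shown on this page.
    uint256 internal constant CHALLENGE_LENGTH = 100;

    error ExecuteProposalInvalid();
    error ChallengePeriodNotEnded();

    // Stand-in for StandardFunding#_getChallengeStageEndBlock (body assumed).
    function _getChallengeStageEndBlock(uint256 endBlock_) internal pure returns (uint256) {
        return endBlock_ + CHALLENGE_LENGTH;
    }

    // Comparison as quoted from executeStandard(): `<=` still reverts at the end block itself.
    function executeGate(uint256 endBlock_) external view {
        if (block.number <= _getChallengeStageEndBlock(endBlock_)) revert ExecuteProposalInvalid();
    }

    // Comparison as quoted from claimDelegateReward(): `<` passes at the end block,
    // so this gate opens one block before executeGate does.
    function claimGate(uint256 endBlock_) external view {
        if (block.number < _getChallengeStageEndBlock(endBlock_)) revert ChallengePeriodNotEnded();
    }

    // Hardened form: one predicate owns the boundary, so callers cannot drift apart.
    function _challengeStageEnded(uint256 endBlock_) internal view returns (bool) {
        return block.number > _getChallengeStageEndBlock(endBlock_);
    }

    function executeGateFixed(uint256 endBlock_) external view {
        if (!_challengeStageEnded(endBlock_)) revert ExecuteProposalInvalid();
    }

    function claimGateFixed(uint256 endBlock_) external view {
        if (!_challengeStageEnded(endBlock_)) revert ChallengePeriodNotEnded();
    }
}
```

A regression test for this class of bug pins `block.number` to exactly the challenge-stage end block and asserts that both gates give the same answer there.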

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #308

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory

c4-judge commented 1 year ago

Picodes changed the severity to QA (Quality Assurance)