c4-judge
commented
1 year ago Picodes marked the issue as unsatisfactory: Invalid
Closed code423n4 closed 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L426-L464 https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L435 https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L435
Vulnerability details
Impact
There is uninitialized storage variables, specifically, the
rewardsClaimedvariable, which is being used in the_calculateNextEpochRewardsfunction without being initialized. This vulnerability could cause unexpected behavior, such as incorrect calculations or manipulation of data. The impact of the vulnerability depends on the specific smart contract and the importance of the affected variable to the contract's functionality.In this particular smart contract, the
rewardsClaimedvariable is used to calculate the amount of rewards that have been accumulated by a staked NFT in the next epoch. IfrewardsClaimedis not initialized, the calculated rewards could be incorrect, which could potentially result in a loss of funds for the user.Proof of Concept
The vulnerable code is located in the _calculateNextEpochRewards function of the smart contract.
As you can see, the claimedRewardsInNextEpoch variable is being assigned to the value of rewardsClaimed[nextEpoch], which could cause unexpected behavior if rewardsClaimed is not initialized.
Tools Used
vscode
Recommended Mitigation Steps
The
rewardsClaimedvariable in the smart contract, either by setting it to a default value or by setting it to a value provided by the user.Assessed type
DoS