code-423n4 / 2023-05-ajna-findings


Multiple updates of bucket exchange rates within a single block #412

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L671-L731
https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L701
https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L768-L804

Vulnerability details

Impact

The check for the current block timestamp in the _updateBucketExchangeRates function is not properly implemented, which creates a vulnerability in the RewardsManager.sol contract. This could allow malicious actors to manipulate the exchange rate of the bucket multiple times within a single block and thereby gain an unfair advantage.

Proof of Concept

The problem is in the _updateBucketExchangeRates function, specifically in the conditional statement:

            if (block.timestamp <= curBurnTime + UPDATE_PERIOD) {

This code block allows the bucket exchange rates to be updated multiple times within the same block. https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L768-L804

The issue with this block is that the conditional statement if (block.timestamp <= curBurnTime + UPDATE_PERIOD) does not check if the current block timestamp is greater than curBurnTime. This could allow for updating bucket exchange rates multiple times in the same block, which could potentially allow attackers to manipulate the exchange rate of the bucket multiple times within a single block and gain an unfair advantage.

Tools Used

vscode

Recommended Mitigation Steps

The conditional statement in the _updateBucketExchangeRates function should be modified to check if the current block timestamp is greater than curBurnTime before allowing the bucket exchange rate to be updated.

Assessed type

Timing

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid