search

code-423n4 / 2023-05-ajna-findings

2 stars 0 forks source link

Expiration Time Not Checked in moveStakedLiquidity Function #449

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L135-L198

Vulnerability details

Impact

Liquidity moves are time-sensitive operations and the duration within which they are executed is crucial. If a user sets the expiry time to 0, it means that there is no expiration time set for the liquidity move. This can potentially allow the liquidity move to be completed at any time. Due to significant market movements a user might be at a greater the risk of loss since liquidity moves remain open for a long period.

Proof of Concept

    function moveStakedLiquidity(
        uint256 tokenId_,
        uint256[] memory fromBuckets_,
        uint256[] memory toBuckets_,
        uint256 expiry_
    ) external nonReentrant override {

setting the value of expiry_ to 0 indicates that no expiry time has been set for the transaction. This means that the transaction will remain valid indefinitely, unless some other mechanism is used to cancel or expire it

Tools Used

Manual Analysis

Recommended Mitigation Steps

check the expiry time provided by the user against the current block.timestamp.

Assessed type

Invalid Validation

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid