Closed code423n4 closed 1 year ago
Picodes marked the issue as duplicate of #308
Picodes marked the issue as satisfactory
Picodes changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-grants/src/grants/base/StandardFunding.sol#L245
Vulnerability details
Impact
claimDelegateReward reverts when a user tries calling it while the challenge is still active, but this can still be passed if block.number == _getChallengeStageEndBlock(currentDistribution.endBlock), meaning it can still be called at the same time the challenge period is to end but is still active. This is because of a little error where the wrong operator was used. https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-grants/src/grants/base/StandardFunding.sol#LL245C118-L245C118
Proof of Concept
The check can be passed if block.number == _getChallengeStageEndBlock(currentDistribution.endBlock), meaning it can still be called at the same time the challenge period is to end but is still active. This is because of a little error where the wrong operator was used.
Tools Used
Visual Studio Code
Recommended Mitigation Steps
Instead of <, use <= as it was correctly done here: https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-grants/src/grants/base/StandardFunding.sol#L355
Assessed type
Access Control
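The boundary condition described in the report, as an added example that is not part of the original submission and is not the Ajna StandardFunding code. The contract, its function names and the 10-block window are hypothetical, and it assumes the challenge stage is inclusive of its end block, as the check the report cites at L355 implies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

/// Added illustration only; all names and the window length are hypothetical.
contract ChallengeBoundaryExample {
    error ChallengePeriodNotEnded();
    error ChallengePeriodEnded();

    // Last block of the challenge stage (assumed inclusive).
    uint256 public immutable challengeEndBlock;
    mapping(address => bool) public claimed;

    constructor() {
        challengeEndBlock = block.number + 10; // constructed window
    }

    /// Challenge-stage action: still allowed at block.number == challengeEndBlock.
    function challenge() external view {
        if (block.number > challengeEndBlock) revert ChallengePeriodEnded();
    }

    /// Guard as the report describes it: the strict `<` stops reverting
    /// one block early, so a claim succeeds on the final challenge block.
    function claimWithStrictCheck() external {
        if (block.number < challengeEndBlock) revert ChallengePeriodNotEnded();
        claimed[msg.sender] = true;
    }

    /// Guard with the recommended `<=`: the first block where a claim
    /// succeeds is challengeEndBlock + 1.
    function claimWithInclusiveCheck() external {
        if (block.number <= challengeEndBlock) revert ChallengePeriodNotEnded();
        claimed[msg.sender] = true;
    }

    /// For a given block, reports whether a challenge and a claim could both
    /// pass under each guard. Only the strict guard overlaps, and only at
    /// blockNumber == challengeEndBlock.
    function overlaps(uint256 blockNumber)
        external
        view
        returns (bool strictOverlap, bool inclusiveOverlap)
    {
        bool challengeOpen = blockNumber <= challengeEndBlock;
        strictOverlap = challengeOpen && !(blockNumber < challengeEndBlock);
        inclusiveOverlap = challengeOpen && !(blockNumber <= challengeEndBlock);
    }
}
```

A regression test for this class of bug should call the claim function at exactly the end block and at the end block plus one, since tests that only use blocks well inside or well outside the window pass under both operators.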