Closed code423n4 closed 11 months ago
Could be QA.
Inflated submission as there's no risk to the funds.
0xSorryNotSorry marked the issue as low quality report
To be quite frank, by 2106 there will be either a Moonwell v2+, or no Moonwell at all. Just because a scenario is possible, it doesn't mean it is probable.
alcueca marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/MultiRewardDistributor/MultiRewardDistributor.sol#L436-L439
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/MultiRewardDistributor/MultiRewardDistributor.sol#L442-L445
Vulnerability details
Impact
The `MultiRewardDistributor._addEmissionConfig` function is used to add a new emission configuration for a specific market. The `_addEmissionConfig` function constructs the `MarketConfig` configuration struct using the input parameters to the function. The `supplyGlobalTimestamp` and `borrowGlobalTimestamp` are set as follows:

Both of the above parameter assignments use `safe32` to make sure that `block.timestamp` does not exceed 32 bits. If `block.timestamp >= 2**32`, the `_addEmissionConfig` transaction will revert, thus preventing `onlyComptrollersAdmin` from adding a new emission configuration for a specific market. Hence the maximum value `block.timestamp` can hold will be up to 2106-02-07 06:28:15 UTC. After this point in time the `_addEmissionConfig` functionality will be unusable.

Proof of Concept
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/MultiRewardDistributor/MultiRewardDistributor.sol#L436-L439
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/MultiRewardDistributor/MultiRewardDistributor.sol#L442-L445
Tools Used
Manual Review and VSCode
Recommended Mitigation Steps
It is recommended to allow more bits for the `block.timestamp` to hold its value in. Hence `safe32` can be replaced with `safe48` in the `MultiRewardDistributor._addEmissionConfig` function, thus allowing `2**48` for the `block.timestamp`, which is enough duration for the protocol to operate without any broken functionality due to time constraints.

Assessed type
Other
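The boundary described above and the recommended mitigation, as an added Foundry example that is not part of the finding or of the Moonwell code base: a minimal config contract stores `block.timestamp` through a 32-bit checked cast, a second one through a 48-bit checked cast, and a test warps the chain clock to `2**32 - 1` and `2**32` to show the first reverts while the second keeps working. The `safe32`/`safe48` helpers, the `MarketConfig` struct, the contract names and the revert strings are assumptions written for this illustration; they follow the pattern the report describes, not the actual `MultiRewardDistributor` source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import "forge-std/Test.sol";

// Added example, not Moonwell's code. Helper names, struct and revert strings
// are assumptions chosen to mirror the pattern the finding describes.
library CheckedCast {
    // Reverts if n does not fit in 32 bits; the largest accepted value,
    // 4294967295, is the Unix time of 2106-02-07 06:28:15 UTC.
    function safe32(uint256 n, string memory errorMessage) internal pure returns (uint32) {
        require(n < 2 ** 32, errorMessage);
        return uint32(n);
    }

    // Reverts if n does not fit in 48 bits (2**48 seconds is roughly 8.9 million years).
    function safe48(uint256 n, string memory errorMessage) internal pure returns (uint48) {
        require(n < 2 ** 48, errorMessage);
        return uint48(n);
    }
}

// The weak variant: timestamps stored as uint32 behind a width check.
contract EmissionConfig32 {
    struct MarketConfig {
        uint32 supplyGlobalTimestamp;
        uint32 borrowGlobalTimestamp;
    }

    MarketConfig public config;

    function addEmissionConfig() external {
        config = MarketConfig({
            supplyGlobalTimestamp: CheckedCast.safe32(block.timestamp, "block timestamp exceeds 32 bits"),
            borrowGlobalTimestamp: CheckedCast.safe32(block.timestamp, "block timestamp exceeds 32 bits")
        });
    }
}

// The mitigated variant: same shape, uint48 storage behind a 48-bit check.
contract EmissionConfig48 {
    struct MarketConfig {
        uint48 supplyGlobalTimestamp;
        uint48 borrowGlobalTimestamp;
    }

    MarketConfig public config;

    function addEmissionConfig() external {
        config = MarketConfig({
            supplyGlobalTimestamp: CheckedCast.safe48(block.timestamp, "block timestamp exceeds 48 bits"),
            borrowGlobalTimestamp: CheckedCast.safe48(block.timestamp, "block timestamp exceeds 48 bits")
        });
    }
}

contract TimestampWidthTest is Test {
    function testSafe32RevertsOnceTimestampNeeds33Bits() public {
        EmissionConfig32 c = new EmissionConfig32();

        vm.warp(2 ** 32 - 1); // last second representable in 32 bits
        c.addEmissionConfig(); // still succeeds
        (uint32 supplyTs, ) = c.config();
        assertEq(uint256(supplyTs), 2 ** 32 - 1);

        vm.warp(2 ** 32); // one second later: 2106-02-07 06:28:16 UTC
        vm.expectRevert(bytes("block timestamp exceeds 32 bits"));
        c.addEmissionConfig(); // the admin-only path is now unusable
    }

    function testSafe48KeepsWorkingPast2106() public {
        EmissionConfig48 c = new EmissionConfig48();

        vm.warp(2 ** 32); // same instant that broke the 32-bit variant
        c.addEmissionConfig();
        (uint48 supplyTs, uint48 borrowTs) = c.config();
        assertEq(uint256(supplyTs), 2 ** 32);
        assertEq(uint256(borrowTs), 2 ** 32);
    }
}
```

Run it with `forge test` in a Foundry project that has forge-std installed. The point the test makes concrete is that the revert is not a corrupted value but a hard stop on the admin path: the check is what protects storage, so widening the stored type and the check together is the only change needed, and the rest of the config logic is untouched.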