code-423n4 / 2023-07-pooltogether-findings


Twab can return 0 between 2 draws #342

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/0145eeac23301ee5338c659422dd6d69234f5d50/src/libraries/TwabLib.sol#L288-L321
https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/0145eeac23301ee5338c659422dd6d69234f5d50/src/libraries/TwabLib.sol#L473-L534

Vulnerability details

Impact

Can produce undesired results in winner selection

Proof of Concept

```solidity
function testGetNextOrNewestObservation2() public {
    ObservationLib.Observation memory prevOrAtObservation;
    ObservationLib.Observation memory prevOrAtObservation2;

    // Two balance increases: one 10 seconds into the first period,
    // one exactly at the start of the next period.
    uint32 t0 = PERIOD_OFFSET + 10 seconds;
    uint32 t1 = PERIOD_OFFSET + PERIOD_LENGTH;

    vm.warp(PERIOD_OFFSET);
    vm.warp(t0);
    twabLibMock.increaseBalances(100 ether, 100 ether);

    vm.warp(t1);
    twabLibMock.increaseBalances(100 ether, 100 ether);

    // Look up the observation in force at each end of the window (t0+1, t1-1),
    // which lies strictly between the two increases.
    prevOrAtObservation = twabLibMock.getPreviousOrAtObservation(t1 - 1);
    prevOrAtObservation2 = twabLibMock.getPreviousOrAtObservation(t0 + 1);

    emit log_named_decimal_uint("observation at t1-1", prevOrAtObservation.balance, 18);
    emit log_named_decimal_uint("observation at t0+1", prevOrAtObservation2.balance, 18);
    emit log_named_decimal_uint("observation at t1-1 (cumulative)", prevOrAtObservation.cumulativeBalance, 18);
    emit log_named_decimal_uint("observation at t0+1 (cumulative)", prevOrAtObservation2.cumulativeBalance, 18);

    // The TWAB over a window during which 100 ether was held comes back as 0.
    uint twab2 = twabLibMock.getTwabBetween(t0 + 1, t1 - 1);
    emit log_named_decimal_uint("twab2 between", twab2, 18);

    assertEq(twab2, 0);

    // Both lookups resolve to an observation stamped PERIOD_OFFSET, i.e. neither
    // returns the observation recorded at t0.
    assertEq(prevOrAtObservation.timestamp, PERIOD_OFFSET);
    assertEq(prevOrAtObservation2.timestamp, PERIOD_OFFSET);
}
```

Tools Used

Manual review

Recommended Mitigation Steps

Assessed type

Other
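The PoC above shows the symptom (a TWAB of 0 over a window in which 100 ether was held, with both endpoint lookups resolving to an observation stamped PERIOD_OFFSET) but does not spell out the arithmetic behind it. The following is an added, simplified Python model of a cumulative-balance TWAB account written for this write-up; it is not the pt-v5 TwabLib code, and `PERIOD_OFFSET`, `PERIOD_LENGTH`, `TwabAccount`, `twab_between` and `sentinel_lookup` are assumed names and values chosen to mirror the PoC timeline. It replays the two increases, computes the TWAB over (t0+1, t1-1) with a correct "newest observation at or before t" lookup, and then with a lookup that returns the zero sentinel for both endpoints, which is the outcome the PoC's asserts record:

```python
from dataclasses import dataclass
from typing import Callable, List

# Illustrative model added for this write-up: a simplified time-weighted
# average balance (TWAB) account. It is NOT the pt-v5 TwabLib code; the
# constants and names below are assumptions chosen to mirror the PoC timeline.
PERIOD_OFFSET = 1_700_000_000   # assumed epoch; any value works for the model
PERIOD_LENGTH = 86_400          # assumed draw period of one day
ETHER = 10**18


@dataclass(frozen=True)
class Observation:
    cumulative_balance: int  # sum of balance * seconds accrued up to `timestamp`
    balance: int             # balance held from `timestamp` onward
    timestamp: int


# Sentinel returned when a lookup finds nothing; same shape as what the PoC
# asserts on (timestamp == PERIOD_OFFSET, zero balances).
ZERO_OBS = Observation(cumulative_balance=0, balance=0, timestamp=PERIOD_OFFSET)

Lookup = Callable[[int], Observation]


class TwabAccount:
    def __init__(self) -> None:
        self.observations: List[Observation] = []

    def increase_balance(self, now: int, amount: int) -> None:
        """Record a new observation, rolling the prior balance into the cumulative sum."""
        prev = self.observations[-1] if self.observations else ZERO_OBS
        if now < prev.timestamp:
            raise ValueError("observations must be appended in time order")
        cumulative = prev.cumulative_balance + prev.balance * (now - prev.timestamp)
        self.observations.append(Observation(cumulative, prev.balance + amount, now))

    def previous_or_at(self, t: int) -> Observation:
        """Newest observation with timestamp <= t, or the zero sentinel if none exists."""
        candidates = [o for o in self.observations if o.timestamp <= t]
        return max(candidates, key=lambda o: o.timestamp) if candidates else ZERO_OBS


def extrapolate(obs: Observation, t: int) -> int:
    """Cumulative balance at time t, assuming obs.balance was held from obs.timestamp to t."""
    return obs.cumulative_balance + obs.balance * (t - obs.timestamp)


def twab_between(lookup: Lookup, start: int, end: int) -> int:
    """Average balance over [start, end), floored to an integer like on-chain math."""
    if end <= start:
        raise ValueError("end must be after start")
    start_obs = lookup(start)
    end_obs = lookup(end)
    return (extrapolate(end_obs, end) - extrapolate(start_obs, start)) // (end - start)


def poc_account() -> TwabAccount:
    """Replay the PoC timeline: +100 ether at PERIOD_OFFSET+10s, +100 ether one period later."""
    acct = TwabAccount()
    acct.increase_balance(PERIOD_OFFSET + 10, 100 * ETHER)
    acct.increase_balance(PERIOD_OFFSET + PERIOD_LENGTH, 100 * ETHER)
    return acct


def sentinel_lookup(_t: int) -> Observation:
    """Models what the PoC asserted: both endpoint lookups resolve to the zero sentinel."""
    return ZERO_OBS


def demo() -> dict:
    acct = poc_account()
    t0, t1 = PERIOD_OFFSET + 10, PERIOD_OFFSET + PERIOD_LENGTH
    return {
        # Correct lookups: 100 ether was held for the whole window.
        "expected": twab_between(acct.previous_or_at, t0 + 1, t1 - 1),
        # Both lookups collapse to the same zero observation, so the window
        # contributes nothing and the TWAB is 0, matching assertEq(twab2, 0).
        "collapsed": twab_between(sentinel_lookup, t0 + 1, t1 - 1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value / ETHER:.2f} ether")
```

The model makes the general point explicit: when both endpoint lookups return the same observation, `twab_between` reduces to that observation's `balance`, because the `cumulative_balance` terms cancel and only `balance * (end - start)` remains. With the zero sentinel that balance is 0, so the account's actual holdings over the window never enter the result. Whether a lookup can legitimately return the sentinel for a window that lies after a recorded observation is exactly the question the report leaves open.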

c4-sponsor commented 1 year ago

asselstine marked the issue as sponsor confirmed

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Insufficient quality

Picodes commented 1 year ago

To the warden: even if there is an issue here, this report is not up to C4's standard. Please explain what the root cause of the issue is, the result you found when running your test, explain the potential impact, etc.