The PrimeLiquidityProvider.accrueTokens() and PrimeLiquidityProvider._initializeToken() functions rely on block.number for calculating token accruals and initializing token distributions. This approach can lead to inconsistent behavior when deployed on Layer 2 solutions like Arbitrum or Optimism (opBNB), where block.number doesn't operate the same way as it does on Ethereum mainnet.
getBlockNumber():
function getBlockNumber() public view virtual returns (uint256) {
return block.number; //@audit-issue block.number means different things on different L2s
}
Inconsistent Behavior: The functions may not work as intended when deployed on Layer 2 solutions, affecting the token accrual and distribution mechanisms.
Exploitability: Malicious actors may exploit the varying behaviors of block.number on different platforms to manipulate token accrual or initialization.
Tools Used
Manual review
Solodit
Recommended Mitigation Steps
Use block.timestamp: Consider using block.timestamp instead of block.number to measure the time between actions, as block.timestamp is more consistent across different blockchains.
Lines of code
https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L274-L278 https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L249-L272 https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L286-L301
Vulnerability details
Vulnerability Details
The
PrimeLiquidityProvider.accrueTokens()
andPrimeLiquidityProvider._initializeToken()
functions rely onblock.number
for calculating token accruals and initializing token distributions. This approach can lead to inconsistent behavior when deployed on Layer 2 solutions like Arbitrum or Optimism (opBNB), whereblock.number
doesn't operate the same way as it does on Ethereum mainnet.getBlockNumber()
:For
PrimeLiquidityProvider.accrueTokens()
:For
PrimeLiquidityProvider._initializeToken()
:Impact
block.number
on different platforms to manipulate token accrual or initialization.Tools Used
Recommended Mitigation Steps
Use
block.timestamp
: Consider usingblock.timestamp
instead ofblock.number
to measure the time between actions, asblock.timestamp
is more consistent across different blockchains.Assessed type
Other