Open c4-submissions opened 1 year ago
0xRobocop marked the issue as duplicate of #76
0xRobocop marked the issue as duplicate of #39
fatherGoose1 marked the issue as duplicate of #76
fatherGoose1 changed the severity to QA (Quality Assurance)
fatherGoose1 marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/PrimeLiquidityProvider.sol#L274-L278
Vulnerability details
Impact
There are two issues regarding the release rate of tokens in PrimeLiquidityProvider:
There is also a `BLOCKS_PER_YEAR` variable in Prime, I don't think this will work properly on polygon zkevm.
Proof of Concept
I cannot provide a POC simulation to control the generation rate of blocks. You can view it from https://zkevm.polygonscan.com/. The general process is as follows:
1 block/s, the protocol sets the token release rate to `1e18`, the total number of tokens to `1e24`, and is expected to be released in 12 days
1 day, avoiding additional user participation and obtaining large rewards.
Tools Used
Foundry
Recommended Mitigation Steps
Use timestamp instead of block number to calculate rate
Assessed type
Context
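A model of the recommended mitigation, added here as an illustration and not code from the submission or from the Venus contracts: it compares per-block accrual with per-second accrual using the report's figures (release rate 1e18 per block, 1e24 tokens in total, tuned for 1 block/s). The function name `simulate` and the block-interval sequences are constructed assumptions, not measurements of any chain.

```python
from itertools import cycle

RATE_PER_BLOCK = 10**18   # release rate from the report's example
TOTAL_TOKENS = 10**24     # total tokens from the report's example
TUNED_BLOCK_TIME = 1      # seconds per block the rate was chosen for


def simulate(intervals, total=TOTAL_TOKENS, rate=RATE_PER_BLOCK,
             tuned_block_time=TUNED_BLOCK_TIME):
    """Return (block_based_seconds, time_based_seconds) until `total` is released.

    `intervals` is a constructed, repeating list of seconds between blocks.
    Block-based accrual releases `rate` for every block produced.
    Time-based accrual releases rate / tuned_block_time for every elapsed second.
    """
    per_second = rate // tuned_block_time
    released_by_block = released_by_time = 0
    done_block = done_time = None
    now = 0
    for dt in cycle(intervals):
        now += dt  # timestamp of the block just produced
        if done_block is None:
            released_by_block = min(total, released_by_block + rate)
            if released_by_block == total:
                done_block = now
        if done_time is None:
            released_by_time = min(total, released_by_time + per_second * dt)
            if released_by_time == total:
                done_time = now
        if done_block is not None and done_time is not None:
            return done_block, done_time


if __name__ == "__main__":
    # Constructed scenarios, using a smaller total so the demo finishes quickly.
    scenarios = {
        "1 block/s (as tuned)": [1],
        "12 s per block": [12],
        "4 blocks sharing each second": [1, 0, 0, 0],
    }
    for label, intervals in scenarios.items():
        by_block, by_time = simulate(intervals, total=10**21)
        print(f"{label}: block-based {by_block}s, time-based {by_time}s")
```

With per-block accrual the drain time scales with the chain's block production rate, while per-second accrual stays at the intended duration, rounded up to the next block timestamp.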