claimOwnerIncentives x depositServiceDonationsETH x checkpoint x-entrancy Attack to get instant topups

[c4-bot-7]

Lines of code

https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Treasury.sol#L406https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Treasury.sol#L257 https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Dispenser.sol#L104 https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Treasury.sol#L298 https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Tokenomics.sol#L1067

Vulnerability details

Impact

Double Topup via claimOwnerIncentives-> depositServiceDonationsETH -> checkpoint -> claimOwnerIncentives loop

Proof of Concept

-> Deploys Attacking Smart Contract -> Executes 1st transaction via Attacking Contract to trigger depositServiceDonationsETH -> Execute 2nd transaction via Attacking Contract to trigger:

• claimOwnerIncentives // for 1st topup [ 1 ]
• depositServiceDonationsETH on fallback // to update service lastespoch & pendingTopup [ 2 ]
• checkpoint on fallback //to update epoch [ 3 ]
• 1st claimOwnerIncentives completes
• Call claimOwnerIncentives again //for 2nd topup [ 4 ]

Tools Used

Manual review

Recommended Mitigation Steps

Add x entrancy checks

Assessed type

Reentrancy

[c4-pre-sort]

alex-ppg marked the issue as insufficient quality report

[c4-judge]

dmvt marked the issue as unsatisfactory: Insufficient proof

[c4-judge]

dmvt marked the issue as unsatisfactory: Overinflated severity