Closed c4-bot-1 closed 9 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
Negligibly inconsequential changes.
MarioPoneder changed the severity to QA (Quality Assurance)
MarioPoneder marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/protocol-rewards/src/abstract/RewardSplits.sol#L41
Vulnerability details
[MEDIUM-1] Wrong comparison of `paymentAmountWei` in `RewardSplits::computeTotalReward` may lead to a user not being able to buy tokens
Description:
Since `minPurchaseAmount` is the minimum amount that can be purchased and `maxPurchaseAmount` is the maximum amount that can be purchased, the `paymentAmountWei` in the if statement should be less (<) than `minPurchaseAmount` and higher (>) than `maxPurchaseAmount`. Otherwise, if the `paymentAmountWei` is equal to either `minPurchaseAmount` or `maxPurchaseAmount`, the function will revert and the total reward would not be computed, which will lead to users not being able to buy tokens.
Proof of Concept:
Since `RewardSplits::computeTotalReward` is called in `TokenEmitterRewards::_handleRewardsAndGetValueToSend`, and `TokenEmitterRewards::_handleRewardsAndGetValueToSend` is called in `ERC20TokenEmitter::buyToken`, the user might end up unable to buy.
Tools used:
Manual code review.
Recommended Mitigation:
Change `<=` to `<` and `>=` to `>`.
Assessed type
call/delegatecall