Here the condition checked is `ownerVoltageReplenishTime[spender] <= block.timestamp`, which is not right: it should be `ownerVoltageReplenishTime[spender] < block.timestamp`.
There is also no check that `ownerVoltage[spender]` is greater than `voltageSpent` before the subtraction. This may cause a revert.
Proof of Concept
Here the condition checked is `ownerVoltageReplenishTime[spender] <= block.timestamp`, which is not right: it should be `ownerVoltageReplenishTime[spender] < block.timestamp`.
There is also no check that `ownerVoltage[spender]` is greater than `voltageSpent` before the subtraction.

    function spendVoltage(address spender, uint8 voltageSpent) public {
        require(spender == msg.sender || allowedVoltageSpenders[msg.sender]);
    @>  if (ownerVoltageReplenishTime[spender] <= block.timestamp) {
            _replenishVoltage(spender);
        }
    @>  ownerVoltage[spender] -= voltageSpent;
        emit VoltageRemaining(spender, ownerVoltage[spender]);
    }

Tools Used
Recommended Mitigation Steps

    function spendVoltage(address spender, uint8 voltageSpent) public {
        require(spender == msg.sender || allowedVoltageSpenders[msg.sender]);
    @>  if (ownerVoltageReplenishTime[spender] < block.timestamp) {
            _replenishVoltage(spender);
        }
    @>  if (ownerVoltage[spender] >= voltageSpent)
            ownerVoltage[spender] -= voltageSpent;
        emit VoltageRemaining(spender, ownerVoltage[spender]);
    }

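The balance check can also be made to fail loudly instead of skipping the deduction. The sketch below is an added example, not code from the AI Arena repository or from this report: it keeps the `<` comparison recommended above and replaces the implicit arithmetic panic with a named error. It assumes Solidity 0.8.x checked arithmetic; the contract name, the error, the event declaration, the refill amount and the refill period are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration, not the AI Arena contract. State names follow the
/// snippet in the report; FULL_VOLTAGE and REPLENISH_PERIOD are assumed values.
contract VoltageSketch {
    error InsufficientVoltage(address spender, uint8 available, uint8 requested);
    event VoltageRemaining(address indexed spender, uint8 voltage);

    uint8 private constant FULL_VOLTAGE = 100;          // assumed
    uint32 private constant REPLENISH_PERIOD = 1 days;  // assumed

    mapping(address => uint8) public ownerVoltage;
    mapping(address => uint32) public ownerVoltageReplenishTime;
    mapping(address => bool) public allowedVoltageSpenders;

    function spendVoltage(address spender, uint8 voltageSpent) public {
        require(
            spender == msg.sender || allowedVoltageSpenders[msg.sender],
            "caller may not spend voltage"
        );
        // Comparison as recommended in the report.
        if (ownerVoltageReplenishTime[spender] < block.timestamp) {
            _replenishVoltage(spender);
        }
        uint8 available = ownerVoltage[spender];
        // A bare `-=` on uint8 reverts with Panic(0x11) when it underflows.
        // A named error gives callers and monitoring a decodable reason, and
        // the caller cannot continue as if voltage had been paid.
        if (available < voltageSpent) {
            revert InsufficientVoltage(spender, available, voltageSpent);
        }
        unchecked {
            // Safe: available >= voltageSpent was established above.
            ownerVoltage[spender] = available - voltageSpent;
        }
        emit VoltageRemaining(spender, ownerVoltage[spender]);
    }

    // Assumed refill logic; the report does not show the real function body.
    function _replenishVoltage(address owner) private {
        ownerVoltage[owner] = FULL_VOLTAGE;
        ownerVoltageReplenishTime[owner] = uint32(block.timestamp + REPLENISH_PERIOD);
    }
}
```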
Lines of code
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/VoltageManager.sol#L105
Assessed type
Context