search

code-423n4 / 2024-02-ai-arena-findings

4 stars 3 forks source link

User voltage would be replenished even if it is already full #623

Closed c4-bot-6 closed 8 months ago

c4-bot-6 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/VoltageManager.sol#L105-L111

Vulnerability details

Impact

Voltage in the protocol is used as energy for battles. The max is 100 and a battle costs 10. There are currently 2 ways to replenish it. One is by a battery item which costs tokens, another is every 24 hours.

The second one is done automatically when battle is initiated if the 24 hours have passed

Proof of Concept

Steps:

  1. User uses battery to fill up voltage
  2. User does not battle for 24 hours so his automatic refill condition is up
  3. User engages in battle and his voltage is replenished because 24 hours have passed, effectively losing on the automatic replenish

Tools Used

Manual review

Recommended Mitigation Steps

In VoltageManager.sol change spendVoltage() to so that it only uses the automatic voltage replenish if it is indeed needed.

    function spendVoltage(address spender, uint8 voltageSpent) public {
        require(spender == msg.sender || allowedVoltageSpenders[msg.sender]);
+        if (ownerVoltage[spender] < voltageSpent) {
            if (ownerVoltageReplenishTime[spender] <= block.timestamp) {
                _replenishVoltage(spender);
            }
+        }
        ownerVoltage[spender] -= voltageSpent;
        emit VoltageRemaining(spender, ownerVoltage[spender]);
    }

Assessed type

Context

c4-pre-sort commented 8 months ago

raymondfam marked the issue as sufficient quality report

c4-pre-sort commented 8 months ago

raymondfam marked the issue as duplicate of #27

c4-judge commented 7 months ago

HickupHH3 changed the severity to QA (Quality Assurance)