Lines of code
https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L245-L272
Vulnerability details
Impact
Users can exploit this vulnerability to reduce the lock duration of their tokens, allowing them to unlock tokens earlier than intended. This undermines the lock mechanism and allows users to receive rewards without adhering to the proper lock time, potentially leading to economic imbalances and unfair advantages.
Proof of Concept
Assume the following variables:
currentTimestamp = 100
_duration = 30 (passed in the attack call)
lastLockTime = 80 (some point in the past when the user locked tokens)
pastDuration = 50 (original duration of the token lock made at timestamp 80, i.e. lastLockTime)
currentUnlockTime = lastLockTime + pastDuration = 80 + 50 = 130
If the current unlockTime is, for example, 130, this check will pass:
if (uint32(block.timestamp) + uint32(_duration) < lockedTokens[msg.sender][tokenContract].unlockTime) {
    revert LockDurationReducedError();
}
In fact, this if statement evaluates to: 130 (100 + 30) < 130 => false, so the revert is skipped.
Finally, the unlockTime is reduced at this line:
reducing the unlockTime in this way!
I will leave the function commented to give a better idea:
Tools Used
manual review
Recommended Mitigation Steps
Two options:
1) Change this line:
to this:
2) Change this if statement:
to this:
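Added example (not part of the original report, not LockManager.sol, and not the snippets elided above): a Python model of the Proof of Concept arithmetic, run with the report's numbers. It assumes the stored unlockTime is rebuilt as lastLockTime + _duration, following the report's currentUnlockTime formula; the hardened setter and the helper names are hypothetical.

```python
from dataclasses import dataclass


class LockDurationReducedError(Exception):
    """Stands in for the Solidity revert named in the report."""


@dataclass
class Lock:
    last_lock_time: int  # lastLockTime
    unlock_time: int     # unlockTime


def set_duration_vulnerable(lock: Lock, now: int, duration: int) -> int:
    # Check quoted in the report: it validates now + duration ...
    if now + duration < lock.unlock_time:
        raise LockDurationReducedError()
    # ASSUMPTION: ... while the stored value is rebuilt from lastLockTime,
    # mirroring the report's currentUnlockTime = lastLockTime + pastDuration.
    lock.unlock_time = lock.last_lock_time + duration
    return lock.unlock_time


def set_duration_hardened(lock: Lock, now: int, duration: int) -> int:
    # ASSUMED fix: validate exactly the value that will be stored.
    # `now` is unused; it is kept so both setters share one signature.
    new_unlock = lock.last_lock_time + duration
    if new_unlock < lock.unlock_time:
        raise LockDurationReducedError()
    lock.unlock_time = new_unlock
    return new_unlock


def shortening_durations(setter, last_lock_time, unlock_time, now, max_duration):
    """Durations the setter accepts even though they move unlockTime earlier."""
    accepted = []
    for duration in range(max_duration + 1):
        lock = Lock(last_lock_time, unlock_time)  # fresh lock per attempt
        try:
            if setter(lock, now, duration) < unlock_time:
                accepted.append(duration)
        except LockDurationReducedError:
            pass  # rejected, as a shortening request should be
    return accepted


if __name__ == "__main__":
    # Constructed input: the report's numbers (now=100, lastLockTime=80, unlockTime=130).
    print(shortening_durations(set_duration_vulnerable, 80, 130, 100, 60))
    print(shortening_durations(set_duration_hardened, 80, 130, 100, 60))
```

With the report's values, the modelled check accepts every _duration from 30 to 49 while unlockTime moves earlier than 130; a check on the stored value accepts none of them.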
Assessed type
Context