lockDrop start date can can be configured to the past
Proof of Concept
The configureLockdrop function does not perform any validation checks to ensure that the start timestamp of the _lockdropData parameter is not in the past, relative to the current block.timestamp.
Tools Used
Manual review
Recommended Mitigation Steps
Ensure that the start timestamp of the _lockdropData is greater than the current block.timestamp.
if (_lockdropData.start < block.timestamp) revert LockdropStartedError();
Lines of code
https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L98
Vulnerability details
Impact
lockDrop start date can can be configured to the past
Proof of Concept
The configureLockdrop function does not perform any validation checks to ensure that the start timestamp of the _lockdropData parameter is not in the past, relative to the current block.timestamp.
Tools Used
Manual review
Recommended Mitigation Steps
Ensure that the start timestamp of the _lockdropData is greater than the current block.timestamp.
if (_lockdropData.start < block.timestamp) revert LockdropStartedError();Assessed type
Context