search

code-423n4 / 2024-05-munchables-findings

3 stars 1 forks source link

Upgraded Q -> 3 from #74 [1717590433591] #553

Closed c4-judge closed 4 months ago

c4-judge commented 4 months ago

Judge has assessed an item in Issue #74 as 3 risk. The relevant finding follows:

[L-01] Donation to extend the unlocking time of other players

The lockOnBehalf() allows any user to donate 1 wei to extend the unlocking time of any player's locks.

Location: LockManager::lockOnBehalf()

        function lockOnBehalf(
        address _tokenContract,
        uint256 _quantity,
        address _onBehalfOf
    )
        external
        payable
        notPaused
        onlyActiveToken(_tokenContract)
        onlyConfiguredToken(_tokenContract)
        nonReentrant
    {
        address tokenOwner = msg.sender;
        address lockRecipient = msg.sender;
        if (_onBehalfOf != address(0)) {
            lockRecipient = _onBehalfOf;
        }

        _lock(_tokenContract, _quantity, tokenOwner, lockRecipient);
    }

Location: LockManager::_lock()

    function _lock(
        address _tokenContract,
        uint256 _quantity,
        address _tokenOwner,
        address _lockRecipient
    ) private {

        // SNIPPED 

        lockedToken.lastLockTime = uint32(block.timestamp);
        lockedToken.unlockTime =
            uint32(block.timestamp) +
            uint32(_lockDuration);
    }
c4-judge commented 4 months ago

alex-ppg marked the issue as duplicate of #165

c4-judge commented 4 months ago

alex-ppg marked the issue as partial-25