code-423n4 / 2024-05-olas-findings


Upgraded Q -> 2 from #108 [1720182273590] #121

Closed c4-judge closed 4 months ago

c4-judge commented 4 months ago

Judge has assessed an item in Issue #108 as 2 risk. The relevant finding follows:

7. syncWithheldAmount doesn't normalize the amount to sync based on bridging decimals

Links to affected code

https://github.com/code-423n4/2024-05-olas/blob/3ce502ec8b475885b90668e617f3983cea3ae29f/tokenomics/contracts/Dispenser.sol#L1174

Impact

syncWithheldAmount is missing the downsizing of staking incentive to the specified number of bridging decimals, which can lead to potential overinflation of the withheld amount for the chainid to be synced.

Recommended Mitigation Steps

Introduce the normalizer check for bridging decimals.

        if (bridgingDecimals < 18) {
            uint256 normalizedAmount = amount / (10 ** (18 - bridgingDecimals));
            normalizedAmount *= 10 ** (18 - bridgingDecimals);
            // Downsize staking incentive to a specified number of bridging decimals
            amount = normalizedAmount;
        }

c4-judge commented 4 months ago

0xA5DF marked the issue as duplicate of #26

c4-judge commented 4 months ago

0xA5DF marked the issue as satisfactory
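
The downsizing in the recommended mitigation above, modelled off-chain as an added example (not code from the audited repository or from the finding's author). The `WithheldLedger` accumulator, the function names and the sample amounts are assumptions made for illustration; only the 18-decimal base and the truncation arithmetic come from the snippet in the finding.

```python
# Added illustration; names below are hypothetical, not the Dispenser contract's.
TOKEN_DECIMALS = 18  # the mitigation snippet downsizes from 18 decimals


def downsize(amount: int, bridging_decimals: int) -> int:
    """Zero out digits below the bridge's precision, as in the mitigation snippet."""
    if bridging_decimals >= TOKEN_DECIMALS:
        return amount
    unit = 10 ** (TOKEN_DECIMALS - bridging_decimals)
    return (amount // unit) * unit


class WithheldLedger:
    """Toy per-chain accumulator for synced withheld amounts (assumed model)."""

    def __init__(self, bridging_decimals: int, normalize: bool):
        self.bridging_decimals = bridging_decimals
        self.normalize = normalize
        self.withheld = 0

    def sync(self, amount: int) -> None:
        # With normalize=False the amount is recorded as given (the reported gap).
        if self.normalize:
            amount = downsize(amount, self.bridging_decimals)
        self.withheld += amount


def overstatement(amounts, bridging_decimals: int) -> int:
    """How much more the unnormalized ledger records than the normalized one."""
    raw = WithheldLedger(bridging_decimals, normalize=False)
    fixed = WithheldLedger(bridging_decimals, normalize=True)
    for a in amounts:
        raw.sync(a)
        fixed.sync(a)
    return raw.withheld - fixed.withheld


# Constructed sample: three synced amounts in 18-decimal base units.
SAMPLE = [1_234_567_890_123_456_789, 999_999_999_999_999_999, 5 * 10**18]

if __name__ == "__main__":
    # Excess recorded when 8 bridging decimals are not enforced on sync.
    print(overstatement(SAMPLE, 8))
```

The excess is the sum of each amount's remainder below the bridge's smallest unit, so it grows with every sync that skips the downsizing.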