hats-finance / Convergence-Finance---IBO-0x0e410e7af8e70fc5bffcdbfbdf1673ee7b3d0777

IBO, Vesting & Bond mechanism repo prepared for Hat finance audit competition

Creating a new vesting schedule for the same vesting type will forever brick funds in the contract #19

Open hats-bug-reporter[bot] opened 1 year ago

hats-bug-reporter[bot] commented 1 year ago

Github username: @iamjakethehuman
Submission hash (on-chain): 0x04d07ad49dc3e5c5e62fdd392c07e511774e60436e1608767a4e84fac8c867ac
Severity: high

Description:

Whenever a vesting schedule is created for a type with an active vesting schedule, there'll be unexpected behaviour.

Attack Scenario:

In VestingCvg the owner can create vesting schedules with different types. Upon creating one, the vestingIdForType mapping is updated as follows.

    vestingIdForType[_vestingType] = nextVestingScheduleId;

The problem is that it allows for value overwriting. Upon the 2nd call with the same _vestingType the old value will be overwritten and the following will happen. For easier readability, until the end of the report we will refer to the old (overwritten) tokenId as tokenId : 1 and the 2nd as tokenId : 2.

Upon calling releaseSeed/releaseWl/releaseIbo with the old (first) _tokenId = 1:

  1. _computeReleaseAmount will be called and will calculate amountToRelease based on the seedInfo of the old _tokenId = 1. If its totalAmount is bigger than the totalAmount of _tokenId = 2, it will allow for vestingSchedules[vestingScheduleId].totalReleased to be bigger than the vestingSchedules[_vestingScheduleId].totalAmount and will break all accounting.
  2. If amountReleasedIdSeed[1] > amountToRelease, releaseSeed will revert due to an underflow in calculateRelease:

         amountToRelease =
             amountDroppedAtCliff +
             (((ONE_GWEI - ratio) * totalAmountAfterCliff) / ONE_GWEI) -
             totalAmountReleased;  //@audit will revert here due to underflow

  3. If the duration of the new vesting schedule is lower than the original one (with _tokenId = 1), it will allow for faster release of all tokens in the first vesting schedule.

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional)

Implement logic to not allow the creation of new vesting schedules for the same vesting type if any are currently active.
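The guard suggested in the report, sketched as an added example that is not part of the original issue or the Convergence code base. Only vestingIdForType, vestingSchedules, nextVestingScheduleId, totalAmount and totalReleased are names taken from the report; the contract name, enum, struct layout, error, function signatures and the definition of "active" are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Simplified model for illustration, NOT the VestingCvg source. The enum,
/// struct layout, error and function signatures are assumptions.
contract VestingTypeGuardExample {
    enum VestingType { SEED, WL, IBO }

    struct VestingSchedule {
        uint256 totalAmount;
        uint256 totalReleased;
        bool revoked;
    }

    address public immutable owner = msg.sender;
    uint256 public nextVestingScheduleId = 1; // id 0 is reserved for "no schedule"
    mapping(uint256 => VestingSchedule) public vestingSchedules;
    mapping(VestingType => uint256) public vestingIdForType;

    error TypeHasActiveSchedule(VestingType vestingType, uint256 activeId);

    modifier onlyOwner() {
        require(msg.sender == owner, "NOT_OWNER");
        _;
    }

    /// A schedule counts as active until it is revoked or fully released.
    /// Elapsed time alone is not used, because holders may claim late.
    function isActive(uint256 id) public view returns (bool) {
        VestingSchedule storage s = vestingSchedules[id];
        return id != 0 && !s.revoked && s.totalReleased < s.totalAmount;
    }

    function createVestingSchedule(VestingType vestingType, uint256 totalAmount) external onlyOwner returns (uint256 id) {
        require(totalAmount > 0, "ZERO_AMOUNT");
        uint256 current = vestingIdForType[vestingType];
        // Guard: refuse to overwrite the mapping entry while, per the report,
        // tokens of this type still compute releases against that schedule.
        if (isActive(current)) revert TypeHasActiveSchedule(vestingType, current);
        id = nextVestingScheduleId++;
        vestingSchedules[id] = VestingSchedule(totalAmount, 0, false);
        vestingIdForType[vestingType] = id;
    }

    /// Revoking frees the type so that a replacement schedule can be created.
    function revokeVestingSchedule(uint256 id) external onlyOwner {
        vestingSchedules[id].revoked = true;
    }
}
```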

0xR3vert commented 1 year ago

Hello, thanks a lot for your attention. We don't consider misconfiguration as an issue. We are aware of this and assume the risks. The revoke is here just in case of extreme emergency. In conclusion, we have to consider this issue as invalid.