Open hats-bug-reporter[bot] opened 11 months ago
out of scope but TY!
@seongyun-ko
With due respect, I don't see this issue as an out of scope issue. I have gone through previous audits where this issue was not found and this issue does not come under any of the following out of scope rules.
The issue is real and the impact is well explained.
I politely request for the reconsideration of this issue.
@bunbuntigery This issue will surely affect in coming years once Ethereum block generation time changes.
Github username: @0xRizwan Submission hash (on-chain): 0xd943071b0ea374f7753e8a174551d8b1bed2f10436568c176b2819204a234d0e Severity: medium
Description: Description\
MembershipNFT.computeTierPointsForEap()
is used to compute thetierPoints
for Early Adapter Pool(EAP). This function is extensively used in following contracts,1)
MembershipManager.computeTierPointsForEap()
which can be checked here2)
MembershipManagerV0.wrapEthForEap()
which can be checked here3)
MembershipManagerV0.recoverTierPointsForEap()
which can be checked hereAll these function takes argument
_eapDepositBlockNumber
per thecomputeTierPointsForEap()
function, This can be checked below(kept relevant code for simpler issue understanding)The issue here is, this function has used hardcoded block generation time which is 13 seconds being considered in contract for Ethereum block chain.
Hardcoding block generation time wont allow to change it if the ethereum block time changes after any future hard forks. The last time it got changed in september, 2022 where the block time got reduced from 15 seconds to 12 seconds.
Ethereum blockchain has several future upgrades in coming years, some big changes like Ethereum sharding will be the game changer for ethereum as it will allow for its scalability. This major upgrade will reduce the block time further and it is expected it will slash the block formation time by twice.
Consider a scenario,
We have,
For our example scenario, lets find the
tierPoints
to get the issue better,Current block.number at the time of writing this report is
18521824
Considering 13 seconds as block time,
tierPoints
will be 3096.However, if we consider the Ethereum future forks which ofcourse going to reduce the block formation period, lets consider 6 seconds in our scenario so the
tierPoints
will be 1429.Now, this is huge effect if the Ethereum block formation period is hardcoded, we have considered 6 seconds even it could be 2 seconds probably by next year the effect on
tierPoints
calculation will be huge.Function like
MembershipManager.computeTierPointsForEap()
,MembershipManagerV0.wrapEthForEap()
,MembershipManagerV0.recoverTierPointsForEap()
will be severily affected by this issue as if the hardcoded block time is kept, the tierPoints will be calculated more and will be rewarded more which should not be the desired behavior here. tier points have a direct relationship to staking rewards so while calculating the
tierPoints
an extra prevention is required. This issue is very much possible in few months after the Ethereum fork and the issue is identified as Medium severity as it will break the intended functionality wrt totierPoints
calculation which is one of the core functionality of protocol.Attack Scenario\ As described above.
Attachments
https://github.com/hats-finance/ether-fi-0x36c3b77853dec9c4a237a692623293223d4b9bc4/blob/180c708dc7cb3214d68ea9726f1999f67c3551c9/src/MembershipNFT.sol#L334
Recommend below high level mitigation to resolve the issue,