In contradiction with the RWAVotingEscrow::mint function that prevents zero-value locked balance entries from being created, the RWAVotingEscrow::split function will permit multiple zero-value entries to be split from one.
for (uint256 i = 1; i < len;) {
// grab current share
uint256 share = shares[i];
// locked balance for this NFT is percentage of shares * total locked balance
uint256 _lockedBalance = share * lockedBalance / totalShares;
// fetch new tokenId to mint
uint256 newTokenId = _incrementAndGetTokenId();
// store new tokenId in tokenIds array
tokenIds[i] = newTokenId;
// store timeststamp for new token
$._mintingTimestamp[newTokenId] = mintingTimestamp;
// mint new token
_mint(owner, newTokenId);
// update lock info for new token
_updateLock(newTokenId, _lockedBalance, remainingVestingDuration);
// subtract locked balance from total balance
unchecked {
remainingBalance -= _lockedBalance;
++i;
}
}
Recommendation:
We advise the code to ensure that each shares[i] entry (including the one at 0) is non-zero, preventing zero-value locked balance entries from being created.
chasebrownn
commented
6 months ago
RWV-02M: Inexistent Validation of Non-Zero Lock Balance
Description:
In contradiction with the
RWAVotingEscrow::mintfunction that prevents zero-value locked balance entries from being created, theRWAVotingEscrow::splitfunction will permit multiple zero-value entries to be split from one.Impact:
The
RWAVotingEscrow::splitfunction can be utilized to create zero-value locked balance entries which is prohibited by the normalRWAVotingEscrow::mintfunction.Example:
Recommendation:
We advise the code to ensure that each
shares[i]entry (including the one at0) is non-zero, preventing zero-value locked balance entries from being created.