search

sherlock-audit / 2023-02-carapace-judging

2 stars 0 forks source link

Breeje - Buyers can withdraw their liquidity after open period ends #276

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

Breeje

medium

Buyers can withdraw their liquidity after open period ends

Summary

Buyers can withdraw their liquidity after open period ends until someone calls calculateAndSetPoolCycleState.

Vulnerability Detail

calculateAndSetPoolCycleState needs to be explicitly called to change the state of ProtectionPoolCycleState from Open to Locked. But till then even if the open period is over, buyers can still withdraw their liquidity from the protection pool.

Impact

Buyers can withdraw their liquidity after open period ends

Code Snippet

File: ProtectionPoolCycleManager.sol

    if (
        block.timestamp - poolCycle.currentCycleStartTime >
        poolCycle.params.openCycleDuration
      ) {
        poolCycle.currentCycleState = _newState = ProtectionPoolCycleState
          .Locked;
      }

Link to code

Tool used

Manual Review

Recommendation

Recommend to not let Withdraw request go through if Open till is over.

Duplicate of #100