search

sherlock-audit / 2023-11-covalent-judging

3 stars 2 forks source link

whoismxuse - ContributorsN will fail against _BlockSpecimenQuorum even though it is met #115

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

whoismxuse

medium

ContributorsN will fail against _BlockSpecimenQuorum even though it is met

Summary

in BlockSpecimenProofChain contributorsN is checked against _BlockSpecimenQuorum however it should pass when it meets the quorum, but instead it fails if contributorsN = _BlockSpecimenQuorum

Vulnerability Detail

This happens because of the error the team made, by using > instead of >=

Impact

This will eventually lead to the check failing while it should instead pass, for instance if the quorum would be set to 50% which is reasonable and logical, if the contributors would match this percentage it would still not pass due to the lack of the = sign. Usually this small mistake would be seen as a low, but in this scenario I would deem it to be medium because the quorum is intent to be set to a logical percentage which could very well be equally met by the contributorsN and should therefore be able to be passed.

Code Snippet

https://github.com/sherlock-audit/2023-11-covalent/blob/218d4a583286fa0d3d4263151a927f6cc9465b62/cqt-staking/contracts/BlockSpecimenProofChain.sol#L430-L431

Tool used

Manual Review

Recommendation

+ if (_minSubmissionsRequired <= max && (max * _DIVIDER) / contributorsN >= _blockSpecimenQuorum)

Duplicate of #55

sherlock-admin2 commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid: medium(10)