Closed sherlock-admin2 closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { This is invalid ; the watson failed to explained a clear issue hes intended to report; or there is a alck of explanation of impact also}
Low severity, admins are trusted to set sufficient enough challenge period for council members to challenge, so that they should not challenge transaction at the very last miniute
popeye
high
Logical time gap flaw in
TelcoinDistributo::executeTransaction
causes potential oversight of valid challenges made at the end of the challenge period.Summary
Vulnerability Detail
On
TelcoinDistributo::executeTransaction
, this line checks if the current time exceeds the transaction's timestamp plus the challenge period, indicating that the challenge period has ended.This line checks whether the transaction has been challenged.
While the first
require
statement ensures that the challenge period has ended, it does not account for challenges that may have been submitted right before the end of this period. The contract only verifies if the transaction was challenged before, not considering the exact timing of these challenges.Suppose a transaction is proposed at
timestamp = T
. The challenge period lasts untiltimestamp = T + challengePeriod
. If a challenge is submitted very close toT + challengePeriod
(say atT + challengePeriod - ε
, where ε is a minimal time), it is valid and should prevent the transaction from executing. However, due to the current logic, ifexecuteTransaction
is called immediately afterT + challengePeriod
(even a second later), the contract would allow the transaction to proceed since it only checks if the current time is beyond the challenge period, not whether a challenge was made during this period.Impact
It can allow potentially contested transactions to be executed, undermining the effectiveness of the challenge mechanism.
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L87-L106 https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L115-L136 https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L143-L175
Proof of Concept
Consider two actors, Alice and Bob. Alice proposes a transaction which enters the challenge period. Bob notices an issue with the transaction and decides to challenge it just before the challenge period ends. However, due to the timing gap, Alice executes the transaction immediately after the challenge period ends, but before the challenge from Bob is recognized by the contract. This leads to the execution of a potentially faulty or contentious transaction.
Actors:
TelcoinDistributor.sol
contract.Scenario:
Alice Proposes a Transaction:
timestamp = t0
, Alice callsproposeTransaction
to propose a new transaction. This transaction is now open for challenges for a predefined period (challengePeriod
).proposedTransactions
array with a timestamp oft0
.Bob Challenges the Transaction:
timestamp = t0 + challengePeriod - ε
(where ε is a small time interval, say a few seconds), Bob notices an issue and callschallengeTransaction
to challenge Alice's transaction.challenged
flag is set totrue
. However, theexecuteTransaction
function does not account for the exact timing of this challenge.Alice Executes the Transaction:
timestamp = t0 + challengePeriod + δ
(where δ is a very small time interval right after the challenge period), Alice callsexecuteTransaction
.t0 + challengePeriod
. Since it is, the contract mistakenly allows the transaction execution, even though Bob's challenge was legitimate and within the challenge period.Tool used
Manual Review
Recommendation
Modify the
executeTransaction
function to ensure challenges are accounted for until the very end of the challenge period. Introduce an additional state variable or a mechanism to lock the transaction from execution once challenged.