Closed sherlock-admin3 closed 4 months ago
accPointsPerShare
SophonFarmingState
Low/Info issue submitted by 4b
Incorrect natspec in SophonFarmingState PoolInfo struct
The natspec states that accPointsPerShare = Accumulated points per share, times 1e18.
Accumulated points per share, times 1e18
But in SophonFarming updatePool function at line 430, we can observe that the accPointsPerShare being calculated is not multiplied by 1e18 like other parts of the code.
updatePool
Therefore violating the invariant stated in the natspec
Incorrect natspec
function updatePool(uint256 _pid) public { PoolInfo storage pool = poolInfo[_pid]; if (getBlockNumber() <= pool.lastRewardBlock) { return; } uint256 lpSupply = pool.amount; uint256 _pointsPerBlock = pointsPerBlock; uint256 _allocPoint = pool.allocPoint; if (lpSupply == 0 || _pointsPerBlock == 0 || _allocPoint == 0) { pool.lastRewardBlock = getBlockNumber(); return; } uint256 blockMultiplier = _getBlockMultiplier(pool.lastRewardBlock, getBlockNumber()); uint256 pointReward = blockMultiplier * _pointsPerBlock * _allocPoint / totalAllocPoint; pool.accPointsPerShare = pointReward / lpSupply + pool.accPointsPerShare; pool.lastRewardBlock = getBlockNumber(); }
Manual Review
Natspec should be corrected
Incorrect natspec for
accPointsPerShareinSophonFarmingStatePoolInfo structLow/Info issue submitted by 4b
Summary
Incorrect natspec in
SophonFarmingStatePoolInfo structVulnerability Detail
The natspec states that
accPointsPerShare=Accumulated points per share, times 1e18.But in SophonFarming
updatePoolfunction at line 430, we can observe that theaccPointsPerSharebeing calculated is not multiplied by 1e18 like other parts of the code.Therefore violating the invariant stated in the natspec
Impact
Incorrect natspec
Code Snippet
Tool used
Manual Review
Recommendation
Natspec should be corrected