sherlock-audit / 2024-05-sophon-judging

Unrunnable_Code #233

Closed sherlock-admin4 closed 1 month ago

sherlock-admin4 commented 1 month ago

Unrunnable_Code

Low/Info issue submitted by petarP1998

Summary

In the SophonFarming::set function, an unrunnable code block was identified due to the nature of block.number. The code is attempting to set pool.lastRewardBlock based on a condition that can never be true.

Vulnerability Detail

The following code block in the SophonFarming::set function is unrunnable:

if (getBlockNumber() < pool.lastRewardBlock) {
  pool.lastRewardBlock = startBlock;
}

https://github.com/sherlock-audit/2024-05-sophon/blob/main/farming-contracts/contracts/farm/SophonFarming.sol#L195

The block number (block.number) is always correct and cannot be manipulated. The contract sets pool.lastRewardBlock as follows:

pool.lastRewardBlock = getBlockNumber();

and

uint256 lastRewardBlock = getBlockNumber() > startBlock
  ? getBlockNumber()
  : startBlock;

As a result, a situation where block.number is less than pool.lastRewardBlock is impossible.

Impact

If the if statement was included for security reasons, setting pool.lastRewardBlock to startBlock could result in a larger block multiplier being calculated in SophonFarming::_pendingPoints, potentially leading to incorrect reward calculations.

Code Snippet

The unrunnable code block:

if (getBlockNumber() < pool.lastRewardBlock) {
  pool.lastRewardBlock = startBlock;
}

Tool used

Manual Review

Recommendation

Replace the existing condition with the following code to ensure pool.lastRewardBlock is set to the current block number:

if (getBlockNumber() < pool.lastRewardBlock) {
  pool.lastRewardBlock = getBlockNumber();
}

This change will prevent potential issues with reward calculations due to incorrect block multiplier values.
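
The reachability question raised in this report can be checked by modelling the two assignments it quotes; the Python model below is an added example, not part of the submission or of the Sophon contracts. It enumerates small block/startBlock combinations to find states in which the guard in set is entered, then compares the original and the recommended branch body. Assumptions: only the ternary initialisation is modelled, startBlock may lie in the future, the multiplier is taken as the plain block difference from lastRewardBlock, and all Python function names are hypothetical.

```python
# Model of the assignments quoted in the report. Variable names mirror the
# report; the Python functions are hypothetical and are not Sophon code.

def initial_last_reward_block(block_number: int, start_block: int) -> int:
    """getBlockNumber() > startBlock ? getBlockNumber() : startBlock"""
    return block_number if block_number > start_block else start_block


def guard_taken(block_number: int, last_reward_block: int) -> bool:
    """Condition of the `if` inside set()."""
    return block_number < last_reward_block


def set_original(block_number: int, last_reward_block: int, start_block: int) -> int:
    """Branch body quoted from the contract: reset to startBlock."""
    return start_block if guard_taken(block_number, last_reward_block) else last_reward_block


def set_recommended(block_number: int, last_reward_block: int, start_block: int) -> int:
    """Branch body from the Recommendation: reset to the current block."""
    return block_number if guard_taken(block_number, last_reward_block) else last_reward_block


def accrual_span(last_reward_block: int, to_block: int) -> int:
    """Assumed multiplier: blocks elapsed since lastRewardBlock, floored at 0."""
    return max(to_block - last_reward_block, 0)


def reachable_states(max_block: int = 6) -> list:
    """(created, now, startBlock) triples for which set() enters the guard."""
    hits = []
    for start in range(max_block):
        for created in range(max_block):
            lrb = initial_last_reward_block(created, start)
            for now in range(created, max_block):  # block numbers never decrease
                if guard_taken(now, lrb):
                    hits.append((created, now, start))
    return hits


if __name__ == "__main__":
    hits = reachable_states()
    print(len(hits), "states enter the guard, first:", hits[0])
    created, now, start = 1, 3, 5  # constructed values: pool created before startBlock
    lrb = initial_last_reward_block(created, start)
    for fn in (set_original, set_recommended):
        new_lrb = fn(now, lrb, start)
        print(fn.__name__, "->", new_lrb, "span at block 10:", accrual_span(new_lrb, 10))
```

Under these assumptions every state that enters the guard has the current block below startBlock, which is the case to check against the contract before judging the branch dead.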