Closed sherlock-admin2 closed 1 month ago
This issue falls under the admin category https://docs.sherlock.xyz/audits/judging/judging#vii.-list-of-issue-categories-that-are-not-considered-valid
Admin Input/call validation:
An admin action can break certain assumptions about the functioning >of the code. Example: Pausing a collateral causes some users to be >unfairly liquidated or any other action causing loss of funds. This is >not considered a valid issue.
slowfi
Medium
The
period.endTime
Can Not Match With Its Assigned ValueSummary
The
Voter
contract sets theendTime
for a certain period with a fixed time when starting a voting period. However the end period does not necessarily correspond to that value. This may result in an improper time reward distribution on theBribeReward
contract.Vulnerability Detail
Theoretically the
period
time is14 days
. However the functionstartNewVotingPeriod
can be called at any time. If a period is finished sooner than expected theendTime
will still be a value on the future. That period is not possible to be voted, but it still goes on.Moreover the
BribeRewarder
still uses the wrong end time to distribute the rewards although it is impossible to still vote on that period.Impact
users may need to wait for times that are not reflected on the current contract to get their rewards.
Code Snippet
startNewVotingPeriod function
Tool used
Manual Review
Recommendation
Assign the end time of the previous period when starting a new period.