Uninitialized checkpoint timestamp in VotingEscrow contract leads to incorrect distribution of delegated tokens
Summary
A checkpoint in the VotingEscrow contract contains a timestamp variable, which is intended to store the block number when the checkpoint is created. However, this variable is not initialized anywhere in the codebase, causing functions that rely on it to break.
Vulnerability Detail
The timestamp variable within the Checkpoint struct is not initialized in the codebase. This causes any function that relies on the timestamp of a checkpoint to fail.
The following functions depend on the timestamp of a checkpoint:
VotingEscrow._findWhatCheckpointToWrite
VotingEscrow.getPastVotesIndex
These functions are used in various other functions:
Due to the uninitialized timestamp variable, these functions will not work correctly, potentially causing disruptions in the functionality of the contract.
Impact
Failure of functions that rely on the timestamp variable in the Checkpoint struct.
Disruption of voting and delegation processes in the VotingEscrow contract.
Initialize the timestamp variable of the checkpoint in the codebase. Ensure that every time a checkpoint is created, the timestamp variable is set to the current block number.
blackhole
High
Uninitialized checkpoint timestamp in VotingEscrow contract leads to incorrect distribution of delegated tokens
Summary
A checkpoint in the VotingEscrow contract contains a timestamp variable, which is intended to store the block number when the checkpoint is created. However, this variable is not initialized anywhere in the codebase, causing functions that rely on it to break.
Vulnerability Detail
The timestamp variable within the Checkpoint struct is not initialized in the codebase. This causes any function that relies on the timestamp of a checkpoint to fail.
The following functions depend on the timestamp of a checkpoint:
These functions are used in various other functions:
Due to the uninitialized timestamp variable, these functions will not work correctly, potentially causing disruptions in the functionality of the contract.
Impact
Code Snippet
https://github.com/sherlock-audit/2024-06-velocimeter/blob/main/v4-contracts/contracts/VotingEscrow.sol#L1423 https://github.com/sherlock-audit/2024-06-velocimeter/blob/main/v4-contracts/contracts/VotingEscrow.sol#L1306-L1335
Tool used
Manual Review
Recommendation
Initialize the timestamp variable of the checkpoint in the codebase. Ensure that every time a checkpoint is created, the timestamp variable is set to the current block number.
Duplicate of #288