stake.link
DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: medium
Invalid

Missing check for maximum locking duration in migrate function

Summary

In the SDLPoolPrimary smart contract, the migrate function includes a comment suggesting that it reverts if _lockingDuration exceeds a maximum limit. However, there is no explicit check for this condition in the code. This omission may lead to unexpected behavior if there is a requirement to enforce a maximum locking duration.

Vulnerability Details

The migrate function in the SDLPoolPrimary contract lacks an explicit check for the maximum locking duration, as indicated by a comment in the code. Without this check, the contract may not enforce the intended constraint on the locking duration, potentially leading to unexpected behavior.

Code Snippet

function migrate(address _sender, uint256 _amount, uint64 _lockingDuration) external {
    if (msg.sender != delegatorPool) revert SenderNotAuthorized();
    sdlToken.safeTransferFrom(delegatorPool, address(this), _amount);
    _storeNewLock(_sender, _amount, _lockingDuration);
}

Impact

This issue could lead to unexpected behavior, potentially allowing stakeholders to migrate stakes with locking durations exceeding the intended maximum. This might result in a deviation from the contract's expected behavior and compromise the security of the system.

Tools Used

Manual review.

Recommendation

Include an explicit check for the maximum locking duration inside the migrate function to ensure that the contract adheres to the specified constraints. For example:

if (_lockingDuration > MAX_LOCKING_DURATION) revert InvalidLockingDuration();

Replace MAX_LOCKING_DURATION with the actual maximum locking duration allowed.

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
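
When reviewing a finding of this kind, note that a duration bound can be enforced in the internal helper that every lock-creating entry point calls, not only in migrate itself. The sketch below is an added example, not stake.link code: the contract name, the stake function, the Lock struct and the value of MAX_LOCKING_DURATION are hypothetical, and token transfers are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Hypothetical sketch, not the SDLPoolPrimary source: token transfer and reward
// accounting are omitted so the placement of the duration check is the focus.
contract LockPoolSketch {
    struct Lock {
        uint256 amount;
        uint64 startTime;
        uint64 duration;
    }

    // Assumed value; the real limit is whatever the protocol specifies.
    uint64 public constant MAX_LOCKING_DURATION = 4 * 365 days;

    address public immutable delegatorPool;
    mapping(address => Lock[]) public locks;

    error SenderNotAuthorized();
    error InvalidLockingDuration();

    constructor(address _delegatorPool) {
        delegatorPool = _delegatorPool;
    }

    // Entry point restricted to the delegator pool, as in the snippet above.
    function migrate(address _sender, uint256 _amount, uint64 _lockingDuration) external {
        if (msg.sender != delegatorPool) revert SenderNotAuthorized();
        _storeNewLock(_sender, _amount, _lockingDuration);
    }

    // Second entry point: the caller creates a lock for itself.
    function stake(uint256 _amount, uint64 _lockingDuration) external {
        _storeNewLock(msg.sender, _amount, _lockingDuration);
    }

    // Single choke point: every path that creates a lock passes through here,
    // so the bound still applies if a new external function is added later.
    function _storeNewLock(address _owner, uint256 _amount, uint64 _lockingDuration) internal {
        if (_lockingDuration > MAX_LOCKING_DURATION) revert InvalidLockingDuration();
        locks[_owner].push(Lock(_amount, uint64(block.timestamp), _lockingDuration));
    }
}
```

Before reporting or dismissing a missing check in an external function, trace its internal calls to the point where the value is first used.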
