stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: medium
Invalid

onlyOwner can set `_maxLockingDuration` in the Past

Summary

The contract lacks a check to ensure that the owner cannot set the maxLockingDuration to a timestamp in the past when calling the setMaxLockingDuration function. This oversight could potentially allow the owner to define a locking duration that has already expired.

Vulnerability Details

In the setMaxLockingDuration function, there is no explicit check to ensure that the provided _maxLockingDuration is greater than the current timestamp. This absence of validation leaves the contract vulnerable to the owner setting a maxLockingDuration in the past, which may have unintended consequences and could potentially disrupt the contract's expected behavior.

```solidity
function setMaxLockingDuration(uint64 _maxLockingDuration) external onlyOwner {
    maxLockingDuration = _maxLockingDuration;
    emit SetMaxLockingDuration(_maxLockingDuration);
}
```

Impact

The impact of this vulnerability is that the owner could unintentionally set a maxLockingDuration in the past, leading to unexpected behavior in the contract. This may undermine the integrity of the boost calculation mechanism, as locking durations in the past might not align with the contract's intended logic.

Tools Used

Manual

Recommendations

Include a require statement in the setMaxLockingDuration function to check whether the provided _maxLockingDuration is greater than the current timestamp.

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
