The _updateLock
function in the SDLPool
contract is intended to update the terms of an existing lock, specifically the amount and the locking duration. However, there is a logic flaw that allows the locking duration to be decreased even after the lock has expired, which should not be possible according to the intended behavior of the contract.
Issue:
The issue arises from the conditional check that only reverts if the lock has not expired and the new locking duration is less than the current duration. If the lock has already expired (_lock.expiry != 0 && _lock.expiry <= block.timestamp
), the first condition will be false, and the whole expression within the if statement will be false, so the function will not revert, even if the new locking duration is less than the current duration. This is the potential issue, as it allows the locking duration to be decreased for expired locks, which may not be the intended behavior.
POC :
Note: Written in Foundry
Note: The test was done using only 1 import of SDLPool.sol file (since I have others files associated with it) from the contracts.
This flaw could allow users to circumvent the intended locking mechanism, potentially withdrawing their tokens earlier than allowed or affecting the reward calculations that depend on the lock duration.
Manual Review, Audit Wizard tool, AI.
To resolve this issue, the conditional check should be updated to ensure that the locking duration cannot be decreased under any circumstances:
By using a require statement, the contract enforces that the new locking duration must always be greater than or equal to the current duration
, regardless of the lock's expiry status. This change ensures that the integrity of the locking mechanism is maintained and that the contract behaves as intended.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.