stake.link

DeFiHardhatBridge

27,500 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

SDLPoolSecondary::`balances` mapping state is outdated

0xAbinash

Summary

balances mapping of SDLPool.sol contract is not updated in SDLPoolSecondary contract which results outdated state stored in the mapping.

Vulnerability Details

In SDLPool.sol contract there is a mapping: mapping(address => uint256) internal balances; which is used in SDLPoolSecondary contract to store the total number of locked stake a user has. When _mintQueuedNewLocks() is called this mapping increases the number of lockId for that user by 1. But after unlocking the number is not decreased which results an outdated state in that mapping.

POC

Run this test:

it('balances mapping check', async () => {

// 1st stake [locked]

await sdlToken.transferAndCall(

sdlPool.address,

toEther(100),

ethers.utils.defaultAbiCoder.encode(['uint256', 'uint64'], [0, 150 * DAY]) //queued

)

// 2nd stake [locked]

await sdlToken.transferAndCall(

sdlPool.address,

toEther(100),

ethers.utils.defaultAbiCoder.encode(['uint256', 'uint64'], [0, 150 * DAY]) //queued

)

// Processing those queued stake by calling these 2 functions

await sdlPool.handleOutgoingUpdate()

await sdlPool.handleIncomingUpdate(1)

// executing queued operations

await sdlPool.executeQueuedOperations([])

console.log("Before initiating unlock total number of locked position is: ",await sdlPool.balanceOf(accounts[0]))

console.log("Locked ids are: ", await sdlPool.getLockIdsByOwner(accounts[0]))

await time.increase(120 * DAY) //after 120 days

await sdlPool.initiateUnlock(1) //initiating unlock

await time.increase(500*DAY) // after 500 days

console.log("After unlocking total number of locked position is: ",await sdlPool.balanceOf(accounts[0]))

console.log("now lockIds are: ", await sdlPool.getLockIdsByOwner(accounts[0]))

})

Output:

Before initiating unlock total number of locked position is: BigNumber { value: "2" }

Locked ids are: [ BigNumber { value: "1" }, BigNumber { value: "2" } ]

After unlocking total number of locked position is: BigNumber { value: "2" }

now lockIds are: [ BigNumber { value: "1" }, BigNumber { value: "2" } ]

✔ balances mapping check (190ms)

1 passing (4s)

You can see lockIDs is not updated after unlocking.

Impact

It will be a issue if the balances mapping is used to do any operation.

Tools Used

Manual analysis

Recommendations

Decrease the element of mapping by 1 after unlocking a locked state.

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

27,500 USDC

nSLOC

1,414

19 USDC / LOC

High Medium

25,000 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.