stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: medium
Invalid

Add more robust validation in the `_createLock` and `_updateLock` functions to prevent unexpected state changes.

Summary

There is room for additional validation on some state-changing functions, such as `_createLock` and `_updateLock`, to prevent unexpected values or states.

Vulnerability Details

The main issue is that these functions rely on passed-in parameters to set lock states without checking that they fall within valid ranges:

```solidity
function _createLock(uint256 _amount, uint64 _lockingDuration) internal view returns (Lock memory) {
    //@ No checks on _amount or _lockingDuration
    uint256 boostAmount = boostController.getBoostAmount(_amount, _lockingDuration);
    uint64 startTime = _lockingDuration != 0 ? uint64(block.timestamp) : 0;
    //@ Set lock using passed in values
    return Lock(_amount, boostAmount, startTime, _lockingDuration, 0);
}
```

This could be triggered by incorrectly coded external contract calls to `_createLock` and `_updateLock`, or by a compromised owner account making direct calls.

Scenario

  1. A bad actor gains access to the owner account

  2. They call _createLock with values:

    • _amount = 0

    • _lockingDuration = 86400 * 365 years (max uint64 number)

  3. This creates a lock that appears to stake a very large amount due to the overflowed duration

  4. When rewards are calculated this lock takes a very large share, breaking the distribution

  5. Or the lock can never be withdrawn from due to the 0 amount

Impact

If invalid values are passed into _createLock or _updateLock, it could result in lock states that break the expected staking logic and token distribution. For example:

  • Locks with 0 amount, causing division by 0 errors in calculations

  • Locks with extremely large boost amounts, skewing distribution

  • Locks with expired start times, making the tokens impossible to unlock

This could prevent users from withdrawing their tokens when they expect to or cause reward calculations to drastically skew towards certain accounts.

Tools Used

Vs

Recommendations

Add validation checks in the functions, for example:

```solidity
// Validate amount is > 0
if (_amount == 0) {
    revert InvalidAmount();
}
// Validate locking duration is <= max duration
// and does not overflow to 0
if (_lockingDuration == 0 || _lockingDuration > MAX_LOCK_DURATION) {
    revert InvalidDuration();
}
```

This will prevent unexpected parameter values from ever putting the contract into an inconsistent state.

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
