MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: low
Invalid

Current `block.timestamp` should be included in checks

Summary

Two `require` statements check that a certain time has passed: one in `Distribution::createPool` and the other in `Distribution::claim`. Both use `>` to compare the values. These functions should also be callable at the exact time, so `>=` should be used.

Vulnerability Details

First, let's look at the `createPool` function. It can be called only by the owner, and its purpose is to create a pool. The first line is `require(pool_.payoutStart > block.timestamp, "DS: invalid payout start value");`. This makes sure that the pool's `payoutStart` is after the current time. It does not allow the owner to create a pool with `payoutStart == block.timestamp`.

Now let's look at the `claim` function. This function can be called by anyone as long as the pool exists. Here we have `require(block.timestamp > pool.payoutStart + pool.claimLockPeriod, "DS: pool claim is locked");`. This check only allows users to claim their rewards after the pool's `payoutStart + claimLockPeriod` has elapsed. As a result, users will not be able to call this function when `block.timestamp == payoutStart + claimLockPeriod`.

Impact

The owner and users will not be able to call these functions at the current `block.timestamp`.

Tools Used

Manual Review

Recommendations

Use `>=` instead of `>`:

- require(pool_.payoutStart > block.timestamp, "DS: invalid payout start value");
+ require(pool_.payoutStart >= block.timestamp, "DS: invalid payout start value");
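
Review bot: with `>=` in the `createPool` check, a pool whose `payoutStart` equals the current `block.timestamp` is accepted, so payout begins in the same block the pool is created, and the revert string "DS: invalid payout start value" does not say whether that boundary is meant to be inclusive. Please state the intended boundary in a comment on this `require` and add a Foundry test that creates a pool with `payoutStart == block.timestamp`, so the choice is pinned down by a test rather than implied by the operator.
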
- require(block.timestamp > pool.payoutStart + pool.claimLockPeriod, "DS: pool claim is locked");
+ require(block.timestamp >= pool.payoutStart + pool.claimLockPeriod, "DS: pool claim is locked");
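
Review bot: in the `claim` check, a pool with `claimLockPeriod == 0` now satisfies `block.timestamp >= pool.payoutStart + pool.claimLockPeriod` at `payoutStart` itself, and combined with the `createPool` change above that means `claim` can pass this gate in the same block the pool is created. Please document whether the lock period is inclusive of its final second, and add tests that call `claim` one second before the boundary (expect the "DS: pool claim is locked" revert) and exactly at `payoutStart + claimLockPeriod`, including the zero-lock case.
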
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
