MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: high
Invalid

`Distribution::editPool` admin can override pool data

Summary

front-run users

Vulnerability Details

Admin can front-run users before they withdraw funds by extending the payoutStart, withdrawLockPeriod, withdrawLockPeriod
and claimLockPeriod every time they see that withdrawals are due.

Impact

Can be used to lock funds in the protocol. Loss of funds, and users can get fewer rewards.

Tools Used

manual

Recommendations

Before updating pool data, the function editPool should compare all old values and
the new values, and update some variables only if you are not overriding old variables with
zeros in the new pool values. There must be a time limit for making pool edits for a created pool, and after that time has passed the admin
cannot edit the pool.
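
The two checks recommended above (no overwriting set values with zeros, and an edit window after pool creation), sketched as an added example that is not part of the submission or of the MorpheusAI code base. The contract name, struct layout, `EDIT_WINDOW`, `createdAt` and the access control are hypothetical; only `editPool`, `payoutStart`, `withdrawLockPeriod` and `claimLockPeriod` come from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical sketch, not the MorpheusAI Distribution contract.
contract PoolEditGuard {
    // Assumed layout: only these three field names appear on the page.
    struct Pool {
        uint128 payoutStart;
        uint128 withdrawLockPeriod;
        uint128 claimLockPeriod;
    }

    uint256 public constant EDIT_WINDOW = 7 days; // assumed value
    address public immutable admin;

    Pool[] public pools;
    mapping(uint256 => uint256) public createdAt; // poolId => creation timestamp

    error NotAdmin();
    error EditWindowClosed(uint256 poolId);
    error ZeroOverwrite(uint256 poolId);

    constructor() {
        admin = msg.sender;
    }

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    function createPool(Pool calldata pool_) external onlyAdmin {
        createdAt[pools.length] = block.timestamp;
        pools.push(pool_);
    }

    function editPool(uint256 poolId_, Pool calldata new_) external onlyAdmin {
        Pool storage old = pools[poolId_]; // reverts on an unknown poolId_
        // Time limit: once the window after creation has passed, the pool is frozen.
        if (block.timestamp > createdAt[poolId_] + EDIT_WINDOW) revert EditWindowClosed(poolId_);
        // Compare old and new values: reject replacing a set value with zero.
        if (
            (old.payoutStart != 0 && new_.payoutStart == 0) ||
            (old.withdrawLockPeriod != 0 && new_.withdrawLockPeriod == 0) ||
            (old.claimLockPeriod != 0 && new_.claimLockPeriod == 0)
        ) revert ZeroOverwrite(poolId_);
        pools[poolId_] = new_;
    }
}
```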

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
