Missing 2 seasons old checks in `incrementTotalDeposited ` & `decrementTotalDeposited` functions
Summary
The LibTokenSilo:incrementTotalDeposited and LibTokenSilo:decrementTotalDeposited functions lack a check for the deposit to determine whether it's at least two seasons old, which could potentially lead to incorrect accounting for deposits.
Vulnerability Details
These functions are called from many contracts. Most of them have done validation for deposits such as ConvertFacet:_depositTokensForConvert which checks if the token is not germinating(> 2 seasons).
But some functions are missing these validations or checking even and odd germinating which are not guaranteed 2 seasons old.
Impact
Without a check for the deposit's age, the incrementTotalDeposited function increments the total deposited amount and BDV for a token, and decrementTotalDeposited function decrements the total deposited amount and BDV for a token without considering whether the deposit is at least two seasons old. This could lead to inaccurate accounting for deposits and affect the overall balance and calculations in the system.
Tools Used
Manual Review
Recommendations
Implement a check in the incrementTotalDeposited & decrementTotalDeposited functions to verify whether the deposit is at least two seasons old before incrementing the total deposited amount and BDV. This ensures that only deposits meeting the age requirement contribute to the total deposited balance.
Lead Judging Commences
Germinating validation
Germinating validation
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.