Overlapping Seasons in Migration Process
Summary
The mowAndMigrate function is designed to migrate a farmer's deposits from an old season-based system to a new stem-based system. It accepts arrays representing tokens, seasons, and amounts to be migrated.
Vulnerability Details
There is no explicit validation to ensure that the seasons array does not contain duplicate entries for the same token. This could result in the same season being processed multiple times, potentially leading to an inaccurate migration of deposit amounts and rewards calculations.
Impact
If exploited, this vulnerability could lead to incorrect accounting of tokens, seeds, and stalk within the new system. This might result in unfair distribution of migrated assets, affecting the integrity of the migration process and potentially the overall tokenomics of the platform.
Tools Used
Manual review
Recommendations
Implement a check within the mowAndMigrate function to ensure that each season for a given token is unique. This could be done by sorting the seasons array and checking for consecutive duplicates or by using a mapping to track which seasons have already been processed.
Lead Judging Commences
Informational/Invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.