Several off-by-one issues
Summary
Vulnerability Details
off-by-one, if periodFinish == block.timestamp it should pass
//because the whole block will have the same timestamp, but technically it will be after that.
//low at most because no one will care about 12 seconds but it is wrong
```
function setVestingPeriod(uint32 _period) external override onlyElevatedAccess {
if (_period < WEEK_LENGTH) { revert CommonEventsAndErrors.InvalidParam(); }
// only change after reward epoch ends
if (rewardData.periodFinish >= block.timestamp) { revert InvalidOperation(); }
vestingPeriod = _period;
emit VestingPeriodSet(_period);
}
/**
* @notice Set reward duration
* @param _duration Reward duration
*/
function setRewardDuration(uint256 _duration) external override onlyElevatedAccess {
// minimum reward duration
if (_duration < WEEK_LENGTH) { revert CommonEventsAndErrors.InvalidParam(); }
// only change after reward epoch ends
//@audit off-by-one, if periodFinish == block.timestamp it should pass
//because the whole block will have the same timestamp, but technically it will be after that.
//low at most because no one will care about 12 seconds but it is wrong
if (rewardData.periodFinish >= block.timestamp) { revert InvalidOperation(); }
rewardDuration = _duration;
emit RewardDurationSet(_duration);
}
```
Impact
Tools Used
manual review
Recommendations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.