Off-by-One Error in EpochLib Allows Simultaneous Active and Ended States
1. In the isActive function:
2. In the hasEnded function:
The issue arises when block.timestamp is exactly equal to info.endTime. At that instant:
isActive returns true (its upper-bound check still includes endTime)
hasEnded returns true (its check is non-strict, block.timestamp >= info.endTime)
Logically, an epoch must never be active and ended at the same time; the two states are meant to be mutually exclusive.
The result is a window of one second (in practice, any block whose timestamp equals endTime) in which the same epoch is reported as both still active and already ended.
The impact of this finding is high because:
Any contract that branches on isActive and hasEnded can reach an inconsistent state, since both guards pass in the same block.
A caller who lands a transaction in that block can satisfy both guards at once, for example acting inside the epoch while also triggering its end-of-epoch logic. This matters most in time-sensitive flows such as auctions or voting, where actions are expected to be closed before settlement begins.
Operations that assume the two states are mutually exclusive (finalization, reward distribution, state transitions) can fail or behave unexpectedly.
In financial contexts this can lead to loss of funds or an unfair advantage for whoever controls transaction ordering at the boundary.
Manual
To fix this issue, the hasEnded function should be modified to use a strict inequality (block.timestamp > info.endTime):
This change ensures that:
An epoch is active from startTime through endTime, inclusive.
An epoch has ended strictly after endTime.
At every timestamp exactly one of "not yet started", "active" and "ended" holds, with neither an overlap nor a gap at endTime. Note that isActive must keep its inclusive upper bound: tightening both functions to strict comparisons at endTime would replace the overlap with a one-second window in which the epoch is neither active nor ended.
Additionally, it is recommended to add unit tests that pin down the behaviour of both functions at the boundaries (startTime - 1, startTime, endTime and endTime + 1), plus a fuzz or property test asserting that the three states are mutually exclusive for any timestamp.
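To make the boundary behaviour concrete, here is an added Foundry test written for this write-up; it is not the project's EpochLib source or the audit's own test code. The EpochInfo struct, the three library variants and all names in it are assumptions reconstructed from the description above. It contrasts the reported overlap at endTime, the corrected version, and the gap that appears if isActive is tightened as well:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical reconstruction for illustration only: the struct, field and
// library names are assumptions, not the audited EpochLib source.
struct EpochInfo {
    uint256 startTime;
    uint256 endTime;
}

// "Before": isActive is inclusive of endTime and hasEnded is non-strict (>=),
// so both predicates are true when block.timestamp == endTime.
library EpochLibVulnerable {
    function isActive(EpochInfo memory info) internal view returns (bool) {
        return block.timestamp >= info.startTime && block.timestamp <= info.endTime;
    }

    function hasEnded(EpochInfo memory info) internal view returns (bool) {
        return block.timestamp >= info.endTime;
    }
}

// "After": hasEnded uses a strict inequality and isActive keeps its inclusive
// upper bound, so the two predicates partition time with no overlap and no gap.
library EpochLibFixed {
    function isActive(EpochInfo memory info) internal view returns (bool) {
        return block.timestamp >= info.startTime && block.timestamp <= info.endTime;
    }

    function hasEnded(EpochInfo memory info) internal view returns (bool) {
        return block.timestamp > info.endTime;
    }
}

// Wrong fix to avoid: making both checks strict at endTime leaves a one-second
// window in which the epoch is neither active nor ended.
library EpochLibGap {
    function isActive(EpochInfo memory info) internal view returns (bool) {
        return block.timestamp >= info.startTime && block.timestamp < info.endTime;
    }

    function hasEnded(EpochInfo memory info) internal view returns (bool) {
        return block.timestamp > info.endTime;
    }
}

contract EpochBoundaryTest is Test {
    // Constructed sample epoch: timestamps are arbitrary test values.
    EpochInfo internal info = EpochInfo({startTime: 1_000, endTime: 2_000});

    function test_vulnerable_bothStatesAtEndTime() public {
        vm.warp(info.endTime);
        assertTrue(EpochLibVulnerable.isActive(info));
        assertTrue(EpochLibVulnerable.hasEnded(info)); // overlap: the reported bug
    }

    function test_gapFix_neitherStateAtEndTime() public {
        vm.warp(info.endTime);
        assertFalse(EpochLibGap.isActive(info));
        assertFalse(EpochLibGap.hasEnded(info)); // gap: the wrong fix
    }

    // Pin down the corrected predicates at each boundary.
    function test_fixed_boundaries() public {
        uint256[5] memory ts = [uint256(999), 1_000, 1_999, 2_000, 2_001];
        bool[5] memory expectActive = [false, true, true, true, false];
        bool[5] memory expectEnded = [false, false, false, false, true];
        for (uint256 i = 0; i < ts.length; i++) {
            vm.warp(ts[i]);
            assertEq(EpochLibFixed.isActive(info), expectActive[i]);
            assertEq(EpochLibFixed.hasEnded(info), expectEnded[i]);
        }
    }

    // Fuzz the mutual-exclusion invariant: at any timestamp exactly one of
    // "not started", "active", "ended" holds for the corrected library.
    function testFuzz_fixed_exactlyOneState(uint64 t) public {
        vm.warp(t);
        uint256 count;
        if (t < info.startTime) count++;
        if (EpochLibFixed.isActive(info)) count++;
        if (EpochLibFixed.hasEnded(info)) count++;
        assertEq(count, 1);
    }
}
```

Run with `forge test`; the fuzz test is the one worth keeping in the project's suite, since it catches both the overlap and the gap variant regardless of which comparison is later changed.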