MyCut

First Flight #23
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

closePot()::Pot.sol should check for <= 90 days instead of < 90 days to follow the protocol rules in the description

Summary

closePot()::Pot.sol should check for <= 90 days instead of < 90 days to strictly follow the protocol rules in the description.

Vulnerability Details

https://github.com/Cyfrin/2024-08-MyCut/blob/main/src/Pot.sol#L50-L52

function closePot() external onlyOwner {
    if (block.timestamp - i_deployedAt < 90 days) { // <== Here is the problem
        revert Pot__StillOpenForClaim();
    }
    ...

It should be <= 90 days and not < 90 days because the description says:

"allowing authorized claimants 90 days to claim before the manager takes a cut..."

=> meaning that at 90 days a user should still be able to claim!

POC (Proof Of Concept)

=> Change the timestamp to be exactly at 90 days after deployment.

=> Try to execute closePot()::Pot.sol

=> You can see that the transaction does not revert, meaning it is possible to close the Pot exactly at 90 days after deployment, which is 1 day before the restriction period.

Impact

Rule of the protocol not respected, misleading the end user.

Tools Used

GitHub, VS Code, Foundry.

Recommendations

Replace #L50-L52 with:

if (block.timestamp - i_deployedAt <= 90 days) { // <== Here is the change
    revert Pot__StillOpenForClaim();
}
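
The boundary behaviour described in the POC steps can be checked with a Foundry test. This is an added example, not part of the submission or the MyCut code base: `PotDeadlineModel` is a constructed stand-in that reproduces only the quoted timestamp check (no claimants, token or `onlyOwner`), and it assumes `forge-std` is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in: models only the deadline comparison quoted from Pot.sol.
contract PotDeadlineModel {
    error Pot__StillOpenForClaim();

    uint256 private immutable i_deployedAt;
    bool public closed;

    constructor() {
        i_deployedAt = block.timestamp;
    }

    // Same comparison as the quoted snippet ("<").
    function closePot() external {
        if (block.timestamp - i_deployedAt < 90 days) {
            revert Pot__StillOpenForClaim();
        }
        closed = true;
    }
}

contract PotDeadlineBoundaryTest is Test {
    PotDeadlineModel pot;
    uint256 deployedAt;

    function setUp() public {
        deployedAt = block.timestamp;
        pot = new PotDeadlineModel();
    }

    // One second before the 90-day mark the call still reverts.
    function test_revertsOneSecondBeforeBoundary() public {
        vm.warp(deployedAt + 90 days - 1);
        vm.expectRevert(PotDeadlineModel.Pot__StillOpenForClaim.selector);
        pot.closePot();
    }

    // At exactly 90 days the "<" check passes and the pot closes.
    function test_closesAtExactly90Days() public {
        vm.warp(deployedAt + 90 days);
        pot.closePot();
        assertTrue(pot.closed());
    }
}
```

With the `<=` comparison from the recommendation, the second test would revert at exactly 90 days and the first passing close would be at `deployedAt + 90 days + 1`.
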

Updates

Lead Judging Commences

equious Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

0xziin Submitter
12 months ago
equious Lead Judge
12 months ago
equious Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
