Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Audit of claimPeriodActive Function Logic and Potential Vulnerability

8olidity

Summary

Audit of claimPeriodActive Function Logic and Potential Vulnerability

Vulnerability Details

The claimPeriodActive function may incorrectly return false in certain situations, even when the claim period is actually active. This is due to the function's over-reliance on the return value of stakeController.getUnbondingEndsAt, without considering all possible scenarios.

function claimPeriodActive() external view returns (bool) {
uint256 unbondingPeriodEndsAt = stakeController.getUnbondingEndsAt(address(this));
if (unbondingPeriodEndsAt == 0 || block.timestamp < unbondingPeriodEndsAt) return false;
return block.timestamp <= stakeController.getClaimPeriodEndsAt(address(this));
}

Impact

This issue could prevent operators from claiming their rewards when they should be able to do so.

Tools Used

vscode

Recommendations

Modify the claimPeriodActive function to not solely rely on the return value of getUnbondingEndsAt, but also consider other factors to determine the actual state of the claim period. For example, an additional check could be added to verify if there are unclaimed rewards, or a new state variable could be introduced to track the active status of the claim period.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.