Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

[M-2] the constructor in contracts\core\sdlPool\LinearBoostController.sol should require _minLockingDuration <= _maxLockingDuration

oluwaseyisekoni

Description:

The constructor in contracts\core\sdlPool\LinearBoostController.sol should require _minLockingDuration <= _maxLockingDuration. If the two parameters are set incorrectly it could affect the getBoostAmount and revert which could lead to a break in the protocol

**Impact: **Affects the function getBoostAmount.

function getBoostAmount(
uint256 _amount,
uint64 _lockingDuration
) external view returns (uint256) {
if (
(_lockingDuration != 0 && _lockingDuration < minLockingDuration) ||
_lockingDuration > maxLockingDuration
) revert InvalidLockingDuration();
return
(_amount * uint256(maxBoost) * uint256(_lockingDuration)) / uint256(maxLockingDuration);
}

Proof of Concept:

**Recommended Mitigation: **There should be a require statement in the constructor

constructor(uint64 _minLockingDuration, uint64 _maxLockingDuration, uint64 _maxBoost) {
require(_minLockingDuration <= _maxLockingDuration, "_minLockingDuration should be
lesser than _maxLockingDuration,")
minLockingDuration = _minLockingDuration;
maxLockingDuration = _maxLockingDuration;
maxBoost = _maxBoost;
}

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.