The InitialisePoolLastRunTime
function lacks input validation for the _time
parameter. This can lead to setting an invalid or outdated timestamp, potentially disrupting the pool's intended operation.
The InitialisePoolLastRunTime
function allows authorized users to set the last run time of a pool. However, it does not validate the _time
parameter, which can lead to setting an invalid or outdated timestamp. This can disrupt the pool's intended operation and potentially cause financial losses.
PoC:
Using the following values:
_poolAddress
: Address of the pool
_time
: 500,000 (an outdated timestamp)
Any authorized user can call the InitialisePoolLastRunTime
function with an outdated timestamp to set the last run time of the pool.
The lack of input validation allows authorized users to set an invalid or outdated timestamp for the last run time of a pool. This can disrupt the pool's intended operation and potentially cause financial losses.
Manual review.
Add validation to ensure the _time
parameter is within a reasonable range. For example, ensure that the _time
parameter is not in the past and is not too far in the future.
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.