QuantAMM
QuantAMM
49,600 OP
View results
Previous Next
Submission Details
Severity: low
Valid

Inaccurate assignment of `blockTimestampDeposit` in `FeeData` struct

ragnarok

Summary

The UpliftOnlyExample::FeeData struct defines the blockTimestampDeposit field to store a uint40 value representing block.timestamp. However, in the UpliftOnlyExample::afterUpdate function, this field is incorrectly assigned a uint32 value of block.number. This mismatch results in the blockTimestampDeposit field storing an unintended and incorrect value, leading to an inaccurate representation of the contract's state.

UpliftOnlyExample::afterUpdate function:

function afterUpdate(address _from, address _to, uint256 _tokenID) public {
...
if (tokenIdIndexFound) {
if (_to != address(0)) {
feeDataArray[tokenIdIndex].lpTokenDepositValue = lpTokenDepositValueNow;
=> feeDataArray[tokenIdIndex].blockTimestampDeposit = uint32(block.number);
feeDataArray[tokenIdIndex].upliftFeeBps = upliftFeeBps;
...
}
}
}

Impact

This mismatch results in the blockTimestampDeposit field storing an unintended and incorrect value, leading to an inaccurate representation of the contract's state.

Recommendations

Update the UpliftOnlyExample::afterUpdate function:

function afterUpdate(address _from, address _to, uint256 _tokenID) public {
...
if (tokenIdIndexFound) {
if (_to != address(0)) {
feeDataArray[tokenIdIndex].lpTokenDepositValue = lpTokenDepositValueNow;
- feeDataArray[tokenIdIndex].blockTimestampDeposit = uint32(block.number);
+ feeDataArray[tokenIdIndex].blockTimestampDeposit = uint40(block.timestamp);
feeDataArray[tokenIdIndex].upliftFeeBps = upliftFeeBps;
...
}
}
}
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_afterUpdate_blockNumber_instead_of_timestamp

Likelihood: Medium/High, any NFT transfer will change this variable. Impact: Informational/Very Low. This variable is unused and won’t impact anything, but the array is public and its getter will return a variable with inconsistencies.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!