The MATURITY_DATE in the ZENO contract is configured independently of the Auction contract's endTime. If MATURITY_DATE is set before the Auction.endTime, users can redeem their ZENO tokens immediately after purchase, bypassing the intended bond logic. This violates the assumption that redemption should only occur after the auction has concluded and the maturity date has been reached.
The MATURITY_DATE in the ZENO contract is set during deployment and is not synchronized with the Auction contract's endTime.
If MATURITY_DATE < Auction.endTime, users can call the redeem or redeemAll functions immediately after purchasing ZENO tokens, even though the auction is still active.
The bond logic assumes that users cannot redeem their ZENO tokens until the maturity date has passed.
However, if MATURITY_DATE is misconfigured, this assumption is violated, allowing early redemptions.
Suppose:
Auction.endTime = 200
ZENO.MATURITY_DATE = 150
A user purchases ZENO tokens at block.timestamp = 120 and attempts to redeem them at block.timestamp = 160. Since 160 > MATURITY_DATE (150), the redemption succeeds, even though the auction is still ongoing (160 < Auction.endTime).
Users can redeem their ZENO tokens before the auction concludes, potentially disrupting the intended economic model of the bond system.
Early redemptions reduce the time available for the protocol to generate returns on the collected USDC, leading to potential revenue loss.
Manual Review
Ensure that MATURITY_DATE is always set to a value greater than or equal to Auction.endTime during deployment.
Use a deployment script to validate that MATURITY_DATE >= Auction.endTime before deploying the contracts.
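The deployment-time validation recommended above, sketched as an added example; it is not the project's own deployment script. The config keys `auctionEndTime` and `maturityDate` are hypothetical names, and the comparison directions are assumptions (redemption is treated as open from the maturity timestamp itself, the conservative reading).

```javascript
// Added example, not the project's deployment code.
// Config keys auctionEndTime / maturityDate are hypothetical names for
// Auction.endTime and ZENO.MATURITY_DATE. BigInt mirrors on-chain uint256.

// Assumed comparisons: redemption opens at ts >= MATURITY_DATE (conservative:
// the maturity second itself counts), auction is live while ts < endTime.
const canRedeem = (cfg, ts) => ts >= cfg.maturityDate;
const auctionLive = (cfg, ts) => ts < cfg.auctionEndTime;

// Timestamps at which ZENO could be redeemed while the auction still runs.
// Returns null when MATURITY_DATE >= Auction.endTime (no such timestamp).
function earlyRedemptionWindow(cfg) {
  if (cfg.maturityDate >= cfg.auctionEndTime) return null;
  return { first: cfg.maturityDate, last: cfg.auctionEndTime - 1n };
}

// Call before broadcasting any deployment transaction; throws on bad input
// or on a schedule that allows redemption during the auction.
function assertSchedule(cfg) {
  for (const key of ["auctionEndTime", "maturityDate"]) {
    if (typeof cfg[key] !== "bigint" || cfg[key] <= 0n) {
      throw new TypeError(`${key} must be a positive BigInt timestamp`);
    }
  }
  const w = earlyRedemptionWindow(cfg);
  if (w !== null) {
    throw new RangeError(
      `MATURITY_DATE (${cfg.maturityDate}) < Auction.endTime ` +
      `(${cfg.auctionEndTime}): redeemable during auction from ` +
      `${w.first} to ${w.last}`
    );
  }
  return true;
}

// Values from the scenario in the finding, plus a corrected schedule.
const misconfigured = { auctionEndTime: 200n, maturityDate: 150n };
const corrected = { auctionEndTime: 200n, maturityDate: 200n };

function demo() {
  const ts = 160n; // redemption attempt from the scenario
  let rejected = null;
  try { assertSchedule(misconfigured); } catch (e) { rejected = e.message; }
  const early = canRedeem(misconfigured, ts) && auctionLive(misconfigured, ts);
  return { early, rejected, correctedOk: assertSchedule(corrected) };
}
```

Passing timestamps as BigInt avoids silent precision loss if the script later reads `endTime` back from the deployed Auction contract and compares it against the configured value.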