Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Malicious user can exceed maximum lock duration (4 years)

Summary

In veRAACToken.sol, the extend function is missing a check for whether the new duration exceeds the maximum lock duration (4 years). A malicious user can exceed that limit.

Vulnerability Details

In veRAACToken.sol, the extend function is missing a check for whether the new duration exceeds the maximum lock duration (4 years).

function extend(uint256 newDuration) external nonReentrant whenNotPaused {
@>>> // Missing check there
    // Extend lock using LockManager
    uint256 newUnlockTime = _lockState.extendLock(msg.sender, newDuration);

    // Update voting power
    LockManager.Lock memory userLock = _lockState.locks[msg.sender];
    (int128 newBias, int128 newSlope) = _votingState.calculateAndUpdatePower(
        msg.sender,
        userLock.amount,
        newUnlockTime
    );

    // Update checkpoints
    uint256 oldPower = balanceOf(msg.sender);
    uint256 newPower = uint256(uint128(newBias));
    _checkpointState.writeCheckpoint(msg.sender, newPower);

    // Update veToken balance
    if (newPower > oldPower) {
        _mint(msg.sender, newPower - oldPower);
    } else if (newPower < oldPower) {
        _burn(msg.sender, oldPower - newPower);
    }

    emit LockExtended(msg.sender, newUnlockTime);
}

Using that function, a malicious user can exceed the maximum lock duration (4 years).

Impact

Breaks a protocol rule [as commented in the code base].

Tools Used

Manual review

Recommendations

Add a check for whether the new duration exceeds 4 years.
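Editor's added example (not part of the submission and not the RAAC code base): one way a lock-extension function can enforce a maximum lock duration. The contract, struct, error names, and the reading of the argument as seconds added to the current unlock time are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration with hypothetical names; not the project's contracts.
contract LockDurationCapExample {
    // Assumed value for the 4-year cap discussed above.
    uint256 public constant MAX_LOCK_DURATION = 4 * 365 days;

    struct Lock {
        uint256 amount;
        uint256 end; // unlock timestamp
    }

    mapping(address => Lock) public locks;

    error NoActiveLock();
    error LockExpired();
    error DurationExceedsMax(uint256 requested, uint256 max);

    event LockExtended(address indexed user, uint256 newEnd);

    // Constructed helper so the example can be exercised end to end.
    function createLock(uint256 amount, uint256 duration) external {
        if (duration > MAX_LOCK_DURATION) revert DurationExceedsMax(duration, MAX_LOCK_DURATION);
        locks[msg.sender] = Lock(amount, block.timestamp + duration);
    }

    // Adds `extraDuration` seconds to the caller's existing lock.
    function extend(uint256 extraDuration) external returns (uint256 newEnd) {
        Lock storage l = locks[msg.sender];
        if (l.amount == 0) revert NoActiveLock();
        if (l.end <= block.timestamp) revert LockExpired();

        // Checked arithmetic (0.8+) reverts on overflow of the new end time.
        newEnd = l.end + extraDuration;

        // Cap the time remaining from now, not only the increment: checking
        // just `extraDuration` would let repeated small extensions pass.
        uint256 remaining = newEnd - block.timestamp;
        if (remaining > MAX_LOCK_DURATION) revert DurationExceedsMax(remaining, MAX_LOCK_DURATION);

        l.end = newEnd;
        emit LockExtended(msg.sender, newEnd);
    }
}
```

When reviewing code of this shape, confirm where the cap is enforced: it can live in the external function or in the library routine it delegates to.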

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
