Submission Details
Severity:
`Snow::buySnow` function make the earn timer resets
Description:
Calling Snow::buySnow function resets the users earn timer, making they must wait again until the period between earns (a week) has passed.
function buySnow(uint256 amount) external payable canFarmSnow {
if (msg.value == (s_buyFee * amount)) {
_mint(msg.sender, amount);
} else {
i_weth.safeTransferFrom(msg.sender, address(this), (s_buyFee * amount));
_mint(msg.sender, amount);
}
@> s_earnTimer = block.timestamp;
emit SnowBought(msg.sender, amount);
}
Impact:
Users will lose any unclaimed rewards until the buying execution.
Proof of Concept:
Add the following after the TestSnowmanAirdrop test suite:
function testBuyResetEarnsTime() public {
vm.deal(bob, 10 ether);
uint256 alicePrevBalance = snow.balanceOf(alice);
vm.warp(block.timestamp + 1 weeks);
vm.prank(alice);
snow.earnSnow();
assertEq(snow.balanceOf(alice), alicePrevBalance + 1);
vm.warp(block.timestamp + 1 weeks);
// bob buy 3 snow and the earn timer will resets
vm.prank(bob);
snow.buySnow{value: snow.s_buyFee() * 3}(3);
// alice can't earn the snow now
vm.prank(alice);
vm.expectRevert(Snow.S__Timer.selector);
snow.earnSnow();
}
Recommended Mitigation:
On Snow.sol::buySnow function:
function buySnow(uint256 amount) external payable canFarmSnow {
if (msg.value == (s_buyFee * amount)) {
_mint(msg.sender, amount);
} else {
i_weth.safeTransferFrom(msg.sender, address(this), (s_buyFee * amount));
_mint(msg.sender, amount);
}
- s_earnTimer = block.timestamp;
emit SnowBought(msg.sender, amount);
}
Updates
Lead Judging Commences
yeahchibyke about 2 months ago
Submission Judgement Published Assigned finding tags:
buying of snow resets global timer thus affecting earning of free snow
When buySnow is successfully called, the global timer is reset. This inadvertently affects the earning of snow as that particular action also depends on the global timer.
Rewards breakdown
nSLOC
215This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.