Vanguard

First Flight #56

Beginner FriendlyDeFiFoundry

0 EXP

View all submissions

Previous Next

Submission Details

Impact: medium

Likelihood: high

Phase State Stored Redundantly

Author Revealed upon completion

The current phase is derived from multiple states which can cause the phase logic to drift from reality.

Description

Phase determination should be derived deterministically from launchStartBlock and block number.
The contract stores currentPhase in state while also recomputing phase dynamically. This introduces the risk of phase drift if state updates fail or are skipped, increasing audit and reasoning complexity.

uint256 public currentPhase;

// @> Phase is also recomputed dynamically via block.number

function getCurrentPhase() public view returns (uint256) {

if (launchStartBlock == 0) return 0;

uint256 blocksSinceLaunch = block.number - launchStartBlock;

if (blocksSinceLaunch < phase1Duration) {

return 1;

} else if (blocksSinceLaunch < phase1Duration + phase2Duration) {

return 2;

} else {

return 3;

}

Risk

Likelihood:

Occurs during phase transitions
Becomes more likely as logic complexity increases

Impact:

Inconsistent phase reporting
Harder to reason about protocol behavior

Proof of Concept

Phase is recomputed via getCurrentPhase()
Stored currentPhase differs due to missed update
View functions and swap logic diverge

Rewards breakdown

nSLOC

273

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!