For a good-faith CORRUPTED outcome, the named attacker is granted 180 days to claim the pool bounty.
The contract records the first good-faith corruption timestamp and the claim deadline using uint32:
When the moderator first flags a good-faith corruption, the deadline is calculated as follows:
The contract permits pool expiries up to:
Therefore, good-faith corruption can validly be flagged during the final 180 days before the uint32 timestamp ceiling.
When:
the addition exceeds type(uint32).max. The explicit cast does not revert; it truncates the high bits and stores a small timestamp near the beginning of the Unix epoch.
For example:
The stored deadline is already far less than the current timestamp.
Consequently, immediately after the moderator flags the good-faith outcome:
The attacker cannot claim any bounty.
At the same time, anyone can immediately execute:
The complete pool is transferred to recoveryAddress without providing the named good-faith attacker the intended 180-day claim period.
The named whitehat permanently loses the complete bounty entitlement.
The consequences are:
claimAttackerBounty() reverts immediately;
the full claim window is eliminated;
anyone can immediately sweep the complete pool;
all staked principal and bonus are redirected to recoveryAddress;
the moderator cannot repair the deadline through re-flagging because _firstGoodFaithCorruptedAt is intentionally never reset.
The financial impact is High, because the loss can equal the pool's complete principal and bonus balance.
The likelihood is Low, because the issue becomes reachable only during the final 180 days before type(uint32).max, approximately in 2105–2106.
Add the following test to a contract inheriting BaseConfidencePoolTest:
A helper can deploy the pool with a chosen expiry:
Do not store the bounty timestamps as uint32.
Use uint64 or uint256:
Then calculate the deadline without a narrowing conversion:
Using uint256 is simpler and avoids all timestamp-ceiling concerns:
The same timestamp-width policy should be applied consistently to:
expiry;
riskWindowStart;
riskWindowEnd;
outcomeFlaggedAt;
_firstGoodFaithCorruptedAt;
corruptedClaimDeadline.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.