ConfidencePool records time-weighted stake moments and opens riskWindowStart on the first observation of UNDER_ATTACK or PROMOTION_REQUESTED. This window is required for the protocol's k=2 bonus accounting, and the pool should remain able to process registry observations, expiry resolution, and moderator settlement throughout the agreement lifecycle.
The protocol uses absolute Unix timestamps in squared intermediate expressions. stake() first stores received * block.timestamp * block.timestamp; later, the first active-risk observation rewrites the global moment as totalEligibleStake * block.timestamp * block.timestamp.
An attacker can select an amount that is small enough for the first multiplication at timestamp t, but too large for the second multiplication at timestamp t + 1. Since Solidity 0.8 reverts on overflow, _markRiskWindowStart() always reverts. The revert also rolls back riskWindowStart, allowing the same denial of service to be repeated for every call made while the registry remains in an active-risk state.
Likelihood: Medium
The factory does not constrain an allowlisted token's raw-unit supply or a pool's total eligible stake.
A standard ERC-20 balance of approximately 3.78e58 raw units at a production-scale timestamp is sufficient. The actual likelihood depends on the supply, decimals, and economics of tokens admitted to the factory allowlist.
Impact: Medium
pokeRiskWindow, stake, contributeBonus, withdraw, flagOutcome, claimExpired, and setPoolScope all observe registry state. During an active registry state, each such call reverts before it can complete its intended lifecycle action.
Principal and bonus settlement can be delayed for the entire active-risk period. The attack does not require a privileged protocol role once an eligible high-supply token exists.
Add the following test to test/unit/ConfidencePool.k2Bonus.t.sol. It reuses the project's BaseConfidencePoolTest fixture and its mock ERC-20/registry.
For t = 1,750,000,000, this test uses:
Set a total-stake cap derived from the maximum supported timestamp before storing any time-squared moment. The factor of two also protects the later T² * stake + sumStakeTimeSq and 2 * T * sumStakeTime expressions in _bonusShare.
As a defense in depth measure, the protocol can also rebase moment accounting to elapsed time from riskWindowStart rather than using absolute Unix timestamps. This reduces the magnitude of the arithmetic but does not replace the total-stake bound unless every elapsed-time expression is separately bounded.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.