QA Report #36

Open
code423n4 opened this issue Apr 2, 2022 · 3 comments
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4
Contributor

Lines of code

https://github.com/code-423n4/2022-03-paladin/blob/main/contracts/HolyPaladinToken.sol#L729

Vulnerability details

Impact

If startDropPerSecond is initialized at less than endDropPerSecond, the contract will be unusable. There will be an underflow in _updateDropPerSecond which will always revert. This function is called throughout the contract, in critical functions like lock and claim; if it were to always revert, the contract would be broken and unusable.

Proof of Concept

If startDropPerSecond is initialized at less than endDropPerSecond in the constructor, the contract will be deployed without issue but will be broken.

Tools Used

Manual analysis

Recommended Mitigation Steps

Add a check in the constructor that ensures startDropPerSecond >= endDropPerSecond
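
The failure mode and the recommended constructor check, as an added sketch that is not part of the original report and is not the HolyPaladinToken source. It assumes Solidity 0.8 checked arithmetic and a linear decrease from the start rate to the end rate; every name other than `startDropPerSecond`, `endDropPerSecond` and `_updateDropPerSecond` is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added illustration, not the audited contract. The linear decrease formula,
// the contract name and the timestamp/duration fields are assumptions made
// for this sketch.
contract DropScheduleSketch {
    error InvalidDropRates(uint256 startRate, uint256 endRate);

    uint256 public immutable startDropPerSecond;
    uint256 public immutable endDropPerSecond;
    uint256 public immutable startTimestamp;   // hypothetical
    uint256 public immutable decreaseDuration; // hypothetical, in seconds

    uint256 public currentDropPerSecond;

    constructor(uint256 startRate, uint256 endRate, uint256 duration) {
        // The recommended check. Without it, deployment succeeds with
        // startRate < endRate and the subtraction below can never succeed.
        if (startRate < endRate) revert InvalidDropRates(startRate, endRate);
        require(duration != 0, "zero duration");

        startDropPerSecond = startRate;
        endDropPerSecond = endRate;
        startTimestamp = block.timestamp;
        decreaseDuration = duration;
        currentDropPerSecond = startRate;
    }

    function _updateDropPerSecond() internal returns (uint256) {
        uint256 elapsed = block.timestamp - startTimestamp;
        if (elapsed >= decreaseDuration) {
            currentDropPerSecond = endDropPerSecond;
            return endDropPerSecond;
        }
        // Checked arithmetic: start - end panics (code 0x11) when
        // start < end, reverting the whole calling transaction.
        uint256 totalDecrease = startDropPerSecond - endDropPerSecond;
        currentDropPerSecond =
            startDropPerSecond - (totalDecrease * elapsed) / decreaseDuration;
        return currentDropPerSecond;
    }

    // Stand-in for state-changing entry points such as lock and claim.
    function claim() external returns (uint256) {
        return _updateDropPerSecond();
    }
}
```

With the guard removed, a deployment using a start rate below the end rate still succeeds, and the first `claim()` that reaches the subtraction reverts, which is why the check belongs at construction time rather than at the call sites.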

@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Apr 2, 2022
code423n4 added a commit that referenced this issue Apr 2, 2022
@Kogaroshi Kogaroshi added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Apr 2, 2022
@Kogaroshi
Collaborator

PR with changes: PaladinFinance/Paladin-Tokenomics#8

@Kogaroshi Kogaroshi added the resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) label Apr 5, 2022
@0xean
Collaborator

0xean commented Apr 8, 2022

Downgrading to QA based on the following as explained in #80

This is an exceedingly rare bug and unlikely to happen because:

- it is the admin that calls function setEndDropPerSecond.
- it can only occur when block.timestamp == startDropTimestamp + dropDecreaseDuration. Reverts will not occur at any subsequent timestamp.

@0xean 0xean added QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Apr 8, 2022
@JeeberC4

Judge downgraded to QA, warden did not submit a QA Report, preserving original title: Potentially dead contract

@JeeberC4 JeeberC4 changed the title Potentially dead contract QA Report Apr 11, 2022