Skip to content
This repository has been archived by the owner on Nov 24, 2024. It is now read-only.

zzykxx - setStartBlock() doesn't change the block at which already existing pools will start accumulating points #108

Open
sherlock-admin2 opened this issue May 24, 2024 · 2 comments
Open

zzykxx - setStartBlock() doesn't change the block at which already existing pools will start accumulating points #108

sherlock-admin2 opened this issue May 24, 2024 · 2 comments
Labels
Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented May 24, 2024
edited by sherlock-admin3
Loading

zzykxx

high

setStartBlock() doesn't change the block at which already existing pools will start accumulating points

Summary

The function setStartBlock() can be called by the owner to change the block number at which points will start accumulating. When it's called, the block at which already existing pools will start accumulating points will not change. Already existing pools will:

  1. Start accumulating points from the old startBlock if the new startBlock is set after the old one.
  2. Not accumulate rewards until the old startBlock is reached if the new startBlock is set before the old one.

Vulnerability Detail

This happens because updatePool() considers the pool lastRewardBlock as the block number from which points should start accumulating and setStartBlock() never updates the lastRewardBlock of the already existing pools to the new startBlock.

POC

Runnable POC that showcases point 1 explained above. Can be copy-pasted in SophonFarming.t.sol:

function test_SettingStartBlockDoesntUpdatePools() public {
    address alice = makeAddr("alice");
    uint256 amountToDeposit = sDAI.convertToAssets(1e18);

    vm.prank(alice);
    dai.approve(address(sophonFarming), type(uint256).max);
    deal(address(dai), alice, amountToDeposit);

    //-> Pools original `startBlock` is `1`
    //-> Admin changes `startBlock` to `100`
    vm.prank(deployer);
    sophonFarming.setStartBlock(100);

    //-> Alice deposits at block `90`, which is after the previous `startBlock` (1) but before the current `startBlock` (100)
    vm.roll(90);
    vm.prank(alice);
    sophonFarming.depositDai(amountToDeposit, 0);

    //-> After 9 blocks, at block `99`, Alice has accumulated rewards but she shouldn't have because the current `startBlock` (100) has not been reached yet
    vm.roll(99);
    vm.prank(alice);
    sophonFarming.withdraw(0, type(uint256).max);
    assertEq(sophonFarming.pendingPoints(0, alice), 74999999999999999999);
}

Can be run with:

forge test --match-test test_SettingStartBlockDoesntUpdatePools -vvvvv

Impact

When setStartBlock() is called the block at which already existing pools will start accumulating points will not change.

Code Snippet

Tool used

Manual Review

Recommendation

In setStartBlock() loop over all of the existing pools and adjust each pool lastRewardBlock to the new startBlock. Furthermore setStartBlock() should revert if the new startBlock is lower than the current block.number as this would create problems in points distribution accounting if the above fix is implemented.
@github-actions github-actions bot added Medium A valid Medium severity issue Has Duplicates A valid issue with 1+ other issues describing the same vulnerability labels May 28, 2024
This was referenced May 28, 2024
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@sherlock-admin4
Copy link
Contributor

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

valid because lastRewardBlock for each pool should indeed sync with the latest startBlock (best because the report is succinct and comprehensive explaining each of the two scenarios)

@sherlock-admin3 sherlock-admin3 added the Sponsor Confirmed The sponsor acknowledged this issue is valid label May 31, 2024
@sherlock-admin3 sherlock-admin3 changed the title Happy Aegean Crab - setStartBlock() doesn't change the block at which already existing pools will start accumulating points zzykxx - setStartBlock() doesn't change the block at which already existing pools will start accumulating points Jun 1, 2024
@sherlock-admin3 sherlock-admin3 added Reward A payout will be made for this issue Will Fix The sponsor confirmed this issue will be fixed and removed Sponsor Confirmed The sponsor acknowledged this issue is valid labels Jun 1, 2024
RomanHiden added a commit to sophon-org/farming-contracts that referenced this issue Jun 3, 2024
@RomanHiden
fixing shrelock issue #108 sherlock-audit/2024-05-sophon-judging#108
4b33930
CryptoMan0x pushed a commit to sophon-org/farming-contracts that referenced this issue Jun 3, 2024
@RomanHiden
fixing shrelock issue #108 sherlock-audit/2024-05-sophon-judging#108 (#6
1f8d4e5 
)
@sherlock-admin3 sherlock-admin3 added the Sponsor Confirmed The sponsor acknowledged this issue is valid label Jun 10, 2024
@CryptoMan0x
Copy link

Issue is no longer relevant since we removed the global startBlock setting: sophon-org/farming-contracts@18b59d5

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sherlock-admin2 @CryptoMan0x @sherlock-admin3 @sherlock-admin4