Skip to content
This repository has been archived by the owner on Nov 24, 2024. It is now read-only.

utsav - setStartBlock doesn't update the lastRewardBlock #155

Closed
sherlock-admin4 opened this issue May 24, 2024 · 2 comments
Closed

utsav - setStartBlock doesn't update the lastRewardBlock #155

sherlock-admin4 opened this issue May 24, 2024 · 2 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity

Comments

@sherlock-admin4
Copy link
Contributor

sherlock-admin4 commented May 24, 2024
edited by sherlock-admin3
Loading

utsav

medium

setStartBlock doesn't update the lastRewardBlock

Summary

setStartBlock doesn't update the lastRewardBlock and this can lead to wrong reward calculation

Vulnerability Detail

Owner can update the startBlock before farming started

    function setStartBlock(uint256 _startBlock) public onlyOwner {
        if (_startBlock == 0 || (endBlock != 0 && _startBlock >= endBlock)) {
            revert InvalidStartBlock();
        }
        if (getBlockNumber() > startBlock) {
            revert FarmingIsStarted();
        }
        startBlock = _startBlock;
    }

But the issue is setStartBlock doesn't update lastRewardBlock of pools. As a result pool will be started earlier or later but reward will be calculated based on old lastRewardBlock

Impact

User can get less/more reward than expected

Code Snippet

https://github.com/sherlock-audit/2024-05-sophon/blob/main/farming-contracts/contracts/farm/SophonFarming.sol#L272C1-L280C6

Tool used

Manual Review + VS code

Recommendation

Update the lastRewardBlock while updating startBlock

Duplicate of #108
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels May 28, 2024
@sherlock-admin2
Copy link
Contributor

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

valid because lastRewardBlock for each pool should indeed sync with the latest startBlock

@sherlock-admin3 sherlock-admin3 added the Sponsor Disputed The sponsor disputed this issue's validity label May 31, 2024
@mystery0x
Copy link
Collaborator

This report should be valid as it described both scenarios 1 and 2 (albeit in a simpler way) of #108.

@sherlock-admin3 sherlock-admin3 changed the title Orbiting Gunmetal Snake - setStartBlock doesn't update the lastRewardBlock utsav - setStartBlock doesn't update the lastRewardBlock Jun 1, 2024
@sherlock-admin3 sherlock-admin3 added the Reward A payout will be made for this issue label Jun 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Disputed The sponsor disputed this issue's validity
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sherlock-admin2 @mystery0x @sherlock-admin3 @sherlock-admin4