dhank - Able to update new startBlock greater then old startBlock

[sherlock-admin2]

dhank

medium

Able to update new startBlock greater then old startBlock

Summary

Not checking whether the new startBlock is greater than old startBLock while updating startBlock.Hence the wrong rewards are calculated when the old start Block > current block number

Vulnerability Detail

In the function

https://github.com/sherlock-audit/2024-05-sophon/blob/05059e53755f24ae9e3a3bb2996de15df0289a6c/farming-contracts/contracts/farm/SophonFarming.sol#L272-L280

function setStartBlock(uint256 _startBlock) public onlyOwner {
        if (_startBlock == 0 || (endBlock != 0 && _startBlock >= endBlock)) {
            revert InvalidStartBlock();
        }
        if (getBlockNumber() > startBlock) {
            revert FarmingIsStarted();
        }
        startBlock = _startBlock;
    }

we dont have the condition to check whether the _startBlock > startBlock.
pool.lastRewardBlock still has the old value of startBLock.

Impact

pool.lastRewardBlock will store the incorrect value of old startBlock even though new startBlock has been initialised by owner.
As a result wrong rewards will get calculated.

Code Snippet

https://github.com/sherlock-audit/2024-05-sophon/blob/05059e53755f24ae9e3a3bb2996de15df0289a6c/farming-contracts/contracts/farm/SophonFarming.sol#L272-L280

Tool used

Manual Review

Recommendation

Duplicate of #108

[sherlock-admin4]

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

valid because lastRewardBlock for each pool should indeed sync with the latest startBlock

[mystery0x]

This report should be valid as it described scenario 1 of #108.