This repository has been archived by the owner on May 26, 2023. It is now read-only.
kiki_dev - extendDeposit()
Does not check that extension will unexpire deposit. After extension deposit can still be expired.
#334
Labels
Duplicate
A valid issue that is a duplicate of an issue with `Has Duplicates` label
Non-Reward
This issue will not receive a payout
kiki_dev
medium
extendDeposit()
Does not check that extension will unexpire deposit. After extension deposit can still be expired.Summary
In
depositManagerV1.sol
there is a function calledextendDeposit()
that allows a user to extend the expiration for a particular deposit. However the functions seems to be missing a check to ensure that the extension actual pushes the expiration date beyondblock.timestamp
. Because of this user will end up wasting transactions extending the expiration date to a date that has already passed.Vulnerability Detail
Here is an example scenario:
Alice deposits 10eth into a bounty with an expiration of 24 hours
A week passes
Alice not calculating the days corectly extends the deposit by 5 days.
expiration
Alice's funds are still expired by a day.
Here is another example.
With numbers in place here you can see how easy it would be to have the transaction be useless due to the deposit remaining expired.
Resulting in this:
Impact
Function will not work as excpeted per documnetation. This will lead to wasted transaction on the users end and overall bad experience with the protocol.
Code Snippet
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/BountyCore.sol#L111
Tool used
Manual Review
Recommendation
Add a check that ensures that
expiration + extendedTime > block.timestamp
. Same change to prevent users from wasting money and having a bad experience with protocol.Duplicate of #552
The text was updated successfully, but these errors were encountered: