HonorLt - Incorrect new expiration when extending expired deposit #552

github-actions · 2023-02-22T00:56:15Z

HonorLt

medium

Incorrect new expiration when extending expired deposit

Summary

extendDeposit assigns the wrong new expiration time when the deposit has expired.

Vulnerability Detail

extendDeposit calculates the new expiration differently depending if the deposit has expired or not:

    function extendDeposit(
        bytes32 _depositId,
        uint256 _seconds,
        address _funder
    ) external virtual onlyDepositManager nonReentrant returns (uint256) {
        ...
        if (
            block.timestamp > depositTime[_depositId] + expiration[_depositId]
        ) {
            expiration[_depositId] =
                block.timestamp -
                depositTime[_depositId] +
                _seconds;
        } else {
            expiration[_depositId] = expiration[_depositId] + _seconds;
        }

        return expiration[_depositId];
    }

As you can see, when it has expired, the new expiration time is calculated this way:
block.timestamp - depositTime[_depositId] + _seconds;
This basically translates to the time elapsed since the deposit plus new seconds.

I believe this calculation is wrong. It operates on the elapsed time with no anchor to any specific timestamp. To illustrate why I think this is wrong, let's see this example:

I deposited now with an expiration of 5 seconds. The initial deposit expiration is now + 5s, where now is a UNIX timestamp. 1676471088 at the time of writing, so my expiration is 1676471093.
After 10 seconds (UNIX timestamp 1676471098), I decided to extend my deposit by 30 seconds. The current algorithm will calculate this new expiration timestamp:
1676471998 - 1676471088 + 30 = 940
Clearly, this is a wrong timestamp. It has already passed.

Impact

Now it is practically impossible to extend an expired deposit.

Code Snippet

https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/BountyCore.sol#L108-L114

Tool used

Manual Review

Recommendation

I think a simple solution would be to continue from the current timestamp when the deposit is expired:
expiration[_depositId] = block.timestamp + _seconds.
Another more precise option would be allowing users to specify not the seconds but the end timestamp.

The text was updated successfully, but these errors were encountered:

IAm0x52 · 2023-02-22T01:35:42Z

Invalid. Watson misunderstands how expiration works. It is the amount of time AFTER the deposit timestamp that the deposit expires NOT the timestamp that it expires. Current logic is working as intended.

hrishibhat · 2023-03-05T08:36:39Z

Agree with Lead watson comment

github-actions bot added Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue labels Feb 22, 2023

github-actions bot mentioned this issue Feb 22, 2023

Avci - in extendDeposit in Bounty core there is incorrect calc of time #567

Closed

FlacoJones added the Sponsor Disputed The sponsor disputed this issue's validity label Feb 22, 2023

hrishibhat closed this as completed Mar 5, 2023

sherlock-admin added Non-Reward This issue will not receive a payout and removed Medium A valid Medium severity issue labels Mar 7, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HonorLt - Incorrect new expiration when extending expired deposit #552

HonorLt - Incorrect new expiration when extending expired deposit #552

github-actions bot commented Feb 22, 2023

IAm0x52 commented Feb 22, 2023

hrishibhat commented Mar 5, 2023

HonorLt - Incorrect new expiration when extending expired deposit #552

HonorLt - Incorrect new expiration when extending expired deposit #552

Comments

github-actions bot commented Feb 22, 2023

Incorrect new expiration when extending expired deposit

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

IAm0x52 commented Feb 22, 2023

hrishibhat commented Mar 5, 2023