Wrong value of month in seconds #117
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-273
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
code423n4
added
2 (Med Risk)
code423n4
added a commit
that referenced
this issue
Dec 15, 2022
|
gzeon-c4 marked the issue as duplicate of #273 |
|
gzeon-c4 marked the issue as satisfactory |
c4-judge
added
the
satisfactory
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2022-12-forgeries/blob/main/src/VRFNFTRandomDraw.sol#L33
Vulnerability details
Impact
Current month value is more than the real value in seconds for month which can cause wrong calculation in recovery time.
Proof of Concept
Here if you see
MONTH_IN_SECONDS * 12which is217728000instead of regular value:31556926Tools Used
Manual Analysis
Recommended Mitigation Steps
Add year variable setting it to seconds:
31556926and change month variable value:3600*24*30The text was updated successfully, but these errors were encountered: