Wrong calculation of MONTH_IN_SECONDS #358
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-273
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
code423n4
added
2 (Med Risk)
|
gzeon-c4 marked the issue as duplicate of #273 |
|
gzeon-c4 marked the issue as satisfactory |
c4-judge
added
the
satisfactory
C4-Staff
added a commit
that referenced
this issue
Jan 7, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2022-12-forgeries/blob/fc271cf20c05ce857d967728edfb368c58881d85/src/VRFNFTRandomDraw.sol#L33
https://github.com/code-423n4/2022-12-forgeries/blob/fc271cf20c05ce857d967728edfb368c58881d85/src/VRFNFTRandomDraw.sol#L86
https://github.com/code-423n4/2022-12-forgeries/blob/fc271cf20c05ce857d967728edfb368c58881d85/src/VRFNFTRandomDraw.sol#L95
Vulnerability details
Wrong calculation of MONTH_IN_SECONDS :
line 33 on VRFNFTRandomDraw.sol is calculating 30 weeks of 7 days instead of 30 days.
30 weeks of 7 days = (3600 * 24 * 7) * 30.
30 days = 3600 * 24 * 30.
so https://github.com/code-423n4/2022-12-forgeries/blob/fc271cf20c05ce857d967728edfb368c58881d85/src/VRFNFTRandomDraw.sol#L86 and https://github.com/code-423n4/2022-12-forgeries/blob/fc271cf20c05ce857d967728edfb368c58881d85/src/VRFNFTRandomDraw.sol#L95 wont work properly
The text was updated successfully, but these errors were encountered: