Skip to content

Latest commit

 

History

History
27 lines (22 loc) · 2.12 KB

File metadata and controls

27 lines (22 loc) · 2.12 KB

Overt Alabaster Cottonmouth

Medium

Validation of time window allowed to call markUnhealthy() forgets to account for any paused duration

Description & Impact

After calling unvouch(), author can call markUnhealthy() within a time window of unhealthyResponsePeriod or 24 hours which is verified via an internal call to function _vouchShouldBePossibleUnhealthy(). Consider this:

  • User calls unvouch() at 10 AM on Day1. They have the liberty to call markUnhealthy() until 10 AM on Day2.
  • Due to some circumstances protocol is paused at 10:05 AM and it takes 24 hours to resolve the issue and set it back to unpaused state.
  • Impact: User lost the ability to call markUnhealthy() now as the paused time-period was not taken into account by the code logic when calculating stillHasTime here:
  File: ethos/packages/contracts/contracts/EthosVouch.sol

   855:            function _vouchShouldBePossibleUnhealthy(uint256 vouchId) private view {
   856:              Vouch storage v = vouches[vouchId];
   857:@--->         bool stillHasTime = block.timestamp <=
   858:@--->           v.activityCheckpoints.unvouchedAt + unhealthyResponsePeriod;
   859:          
   860:              if (!v.archived || v.unhealthy || !stillHasTime) {
   861:                revert CannotMarkVouchAsUnhealthy(vouchId);
   862:              }
   863:            }

Mitigation

The protocol would have to store the timestamps of the start & end of pause states. This is to ensure that even if there are multiple pauses & unpauses the correct cumulative paused time can be added as a grace period while calculating stillHasTime.