Last updated
Was this helpful?
Submitted on May 21st 2024 at 12:27:19 UTC by @copperscrewer for
Report ID: #31566
Report type: Smart Contract
Report severity: Medium
Target: https://github.com/alchemix-finance/alchemix-v2-dao/blob/main/src/VotingEscrow.sol
Impacts:
Contract fails to deliver promised returns, but doesn't lose value
Voting Escrow Checkpoints won't update block number in point because of a Rounding issue, currently the block time in Ethereum is around ~ 12 seconds, There is an attempt to calculate block slope by the difference of the block number multiplied by a MULTIPLIER and then divided by the difference in block.timestamp.
There is an issue because of the precision of the division.
In _checkpoint of VotingEscrow there is a line
blockSlope = (MULTIPLIER * (block.number - lastPoint.blk)) / (block.timestamp - lastPoint.ts);
Here blockSlope will always be zero as for each block.number the difference in block.timestamp is around ~ 12 seconds. The MULTIPLIER : 2 is too low to cover that and as a result it becomes zero as the numerator is lesser than the denominator
lastPoint.blk = initialLastPoint.blk + (blockSlope * (_time - initialLastPoint.ts)) / MULTIPLIER; as a result will be stagnant and never be updated.
The Point objects used in _checkpoint never have their block value updated. This will affect any off-calculation/computation that relies on the block number for points to make a transaction
Increase MULTIPLIER to a much higher value ~ 10000
Run forge test --match-test testRounding --fork-url https://eth-mainnet.alchemyapi.io/v2/[API_KETY] -vvv
after pasting this function in VotingEscrow.t.sol
