Comments (9)
CergyK
commented on July 26, 2024
2
Escalate
This is an admin function, the admin can be trusted to not call these operations when voting is routinely locked to not interfere with rewards distribution
Moreover, outside of routine cycle increments, it would be a good procedure to lock votes before the admin changes weights, as described in other reported issues such as #122
from 2023-11-convergence-judging.
Czar102
commented on July 26, 2024
1
I believe the escalation makes a valid point. Planning to consider this issue a low severity one.
from 2023-11-convergence-judging.
0xR3vert
commented on July 26, 2024
Hello,
Thanks a lot for your attention.
Absolutely, if we kill a gauge or change a type weight during the distribution, it would distribute wrong amounts, even though we're not planning to do that. We can make sure it doesn't happen by doing what you said: locking those functions to avoid any problems.
Therefore, in conclusion, we must consider your issue as a valid.
Regards,
Convergence Team
from 2023-11-convergence-judging.
nevillehuang
commented on July 26, 2024
I will keep this as medium as although on first look this could be "admin error", as sponsor mentioned, honest users claiming during killing of a gauge or weight change can result in inaccurate result distribution.
from 2023-11-convergence-judging.
sherlock-admin2
commented on July 26, 2024
Escalate
This is an admin function, the admin can be trusted to not call these operations when voting is routinely locked to not interfere with rewards distribution
Moreover, outside of routine cycle increments, it would be a good procedure to lock votes before the admin changes weights, as described in other reported issues such as #122
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
from 2023-11-convergence-judging.
nevillehuang
commented on July 26, 2024
See comments here
from 2023-11-convergence-judging.
Czar102
commented on July 26, 2024
Result:
Low
Unique
from 2023-11-convergence-judging.
sherlock-admin2
commented on July 26, 2024
Escalations have been resolved successfully!
Escalation status:
- CergyK: accepted
from 2023-11-convergence-judging.
IAm0x52
commented on July 26, 2024
Fix looks good. _setTotalWeight has now been folded inside _checkpoints to avoid this issue
from 2023-11-convergence-judging.
Related Issues (20)
- ydlee - A token owner cannot remove one mgCvg delegation when he already delegates to `maxMgDelegatees` addresses.
- chainNue - Allowance is not set to zero first before approving
- cducrest-brainbot - Withdrawing rewards will convert sdt to cvgSDT at any rate
- mahmudsudo - empty array input claims rewards HOT 1
- pontifex - Unexpected revert at the `delegateMgCvg` and `delegateVeCvg` when delegation removal
- pontifex - Users can't receive rewards in the actual `cvgCycle` due to unexpected error HOT 11
- zraxx - When `delegateMgCvg` is used for update or remove, it will be reverted due to improper require checks. HOT 1
- pontifex - Tokens distribution may be broken due to incorrect address verification when depositing tokens HOT 1
- 0xmuxyz - The locked-amount and the voting power can still be increased even after the given `tokenId` of locking position NFT (ERC721) would be burned via the LockingPositionService#`burnPosition()` HOT 1
- CL001 - In the case that the total supply of CVG tokens is insufficient, the last user to claim the rewards will suffer a loss HOT 2
- jah - a malicious user can prevent a user from receiving a delegation
- bitsurfer - Did not approve to zero first issue
- bitsurfer - Possible DoS happening when gauge weight is changing due to underflow of `pt.slope -= d_slope`
- jah - wrong time when increasing the locking time HOT 1
- lemonmon - `LockingPositionService.mintPosition()` problems with duplicate `tokenIds` from `LockingPositionManager` may cause users to lose their funds HOT 3
- qpzm - Out-of-gas error in `CvgERC721TimeLockingUpgradeable.getTokenIdsForWallet` HOT 1
- Inspex - If admin kill a gauge, userβs voting power for that gauge may lost 1 or 2 cycles HOT 1
- hash - Possible loss of unclaimed rewards for long-term frequent stakers
- GimelSec - `SdtStakingPositionService.processSdtRewards` could record the wrong amount of sdt reward.
- jah - wrong calculation which leads to a not being able to function properly HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from 2023-11-convergence-judging.