Omniscia Parabola Finance Audit
MultiStakingRewards Static Analysis Findings
MultiStakingRewards Static Analysis Findings
MSR-01S: Circumventable Truncation of Unlock
| Type | Severity | Location |
|---|---|---|
| Mathematical Operations | Medium | MultiStakingRewards.sol:L378, L402, L435, L563 |
Description:
The unlock periods the contract supports are always truncated to multiples of the rewardsDuration, thus permitting a user to take advantage of a particular period by setting their balance as unlockable a second before the period ends and thus practically lock their tokens for one period less than they are supposed to.
Example:
contracts/MultiStakingRewards.sol
563uint256 unlockTime = block.timestamp.div(rewardsDuration).mul(rewardsDuration).add(rewardsDuration * week);Recommendation:
We advise this trait of the system to be re-evaluated as it currently allows users to boost their balance (should 1 week be acceptable) for a very brief amount of lock time. In general, this will cause an n lockup period to become an n - 1 lockup.
Alleviation:
The Parabola team opted not to apply a remediation for this finding in the current iteration of the codebase.