Assessment reports>H20 vlPSDN>Discussion>Input validation check

Input validation check

The LockRewards.redeposit function is used to increase a caller's deposit amount without extending the locking period. If the function is called when the caller has no deposit, the transaction will succeed, but the deposit will not be considered when calculating rewards.

Thus, it should only be called when the caller has an actual deposit and before the lockEpochs expire to increase the deposit and the reward. Additionally, calling the function with a zero amount is useless and should be prevented by adding a check that ensures the input amount is not zero and that the caller has a nonexpired deposit.

Remediation

The issue has been fixed by H20 in commit 046ab60b.

Zellic © 2023Back to top ↑