Late Infrared Bobcat
High
Unrestricted Sale Period Leading to Permanent Open Sale
Summary
The function set_sale_period does not set an upper limit on the time period, allowing a malicious admin to set a very large ends_at value, making the sale permanently open and freezing user funds.
Vulnerability Detail
The function only checks that new_starts_at < new_ends_at, but does not set a reasonable threshold for new_ends_at (e.g., not allowing it to exceed 10 years in the future). An attacker (admin) can set the sale end time to u64::MAX (e.g., 18446744073709551615 seconds), causing the time check in the fund function to always pass.
Impact
Medium risk. Users are unable to redeem tokens at the expected time, and contract funds are locked for an extended period.
Code Snippet https://github.com/sherlock-audit/2025-02-rova/blob/main/rova-movement-contracts/sources/rova_sale.move#L245
assert!(new_starts_at < new_ends_at, ...); // Only basic check
sale_config.ends_at = new_ends_at; Tool Used
Manual Review
Recommendation
Add a check for new_ends_at <= max_allowed_time (e.g., set a maximum duration at deployment).
PoC
// Malicious admin sets a very long period
set_sale_period(
admin_signer,
0,
18446744073709551615 // Maximum u64 value
);
// Can call `fund` at any time in the future
fund(...);