This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

AuditorPraise - reverts in Voter.vote() due to wrong check in BribeRewarder._modify() [DOS] #102

Closed
sherlock-admin2 opened this issue Jul 15, 2024 · 0 comments
Labels:
- Duplicate: A valid issue that is a duplicate of an issue with `Has Duplicates` label
- High: A High severity issue.
- Reward: A payout will be made for this issue


sherlock-admin2 commented Jul 15, 2024

AuditorPraise

High

reverts in Voter.vote() due to wrong check in BribeRewarder._modify() [DOS]

Summary

Vulnerability Detail

Ownership of the tokenID won't be transferred to Voter.sol during vote(), so the check below in BribeRewarder._modify() is wrong, because Voter.sol is going to be msg.sender and Voter.sol isn't the tokenID owner.

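    function _modify(uint256 periodId, uint256 tokenId, int256 deltaAmount, bool isPayOutReward)
        private
        returns (uint256 rewardAmount)
    {
        // When reached through Voter.vote(), msg.sender is the Voter contract,
        // not the account that owns tokenId.
        if (!IVoter(_caller).ownerOf(tokenId, msg.sender)) {
            revert BribeRewarder__NotOwner();
        }
        // ... (rest of the function is not part of this excerpt)
    }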

_modify() is used by BribeRewarder.deposit(), which is called in _notifyBribes().

Voter.vote() will always revert with BribeRewarder__NotOwner() because of the wrong check.

Impact

Reverts in Voter.vote() due to the wrong check in BribeRewarder._modify().

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/rewarders/BribeRewarder.sol#L264

Tool used

Manual Review

Recommendation

Pass the msg.sender that calls Voter.vote() as a param into BribeRewarder.deposit() and then into BribeRewarder._modify(), and use it for the check:

    // voteCaller is a placeholder name for the new parameter: the msg.sender of Voter.vote()
    if (!IVoter(_caller).ownerOf(tokenId, voteCaller)) {
        revert BribeRewarder__NotOwner();
    }

Duplicate of #39

- github-actions bot added the duplicate and High labels on Jul 21, 2024
- sherlock-admin2 added the Duplicate label on Jul 22, 2024
- sherlock-admin4 changed the title from "Mean Sandstone Sardine - reverts in Voter.vote() due to wrong check in BribeRewarder._modify() [DOS]" to "AuditorPraise - reverts in Voter.vote() due to wrong check in BribeRewarder._modify() [DOS]" on Jul 29, 2024
- sherlock-admin4 added the Reward label on Jul 29, 2024
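The check quoted in the report and the recommended change, side by side, as an added example that is not the MagicSea code or the reporter's patch. The contracts `VoterSketch` and `RewarderSketch`, the `mint` helper and the parameter name `voteCaller` are simplified, hypothetical stand-ins; only the `ownerOf(tokenId, account)` check shape comes from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration: simplified stand-ins, not the MagicSea contracts.
interface IVoterLike {
    function ownerOf(uint256 tokenId, address account) external view returns (bool);
}

contract RewarderSketch {
    error NotOwner();
    address public immutable voter;                 // plays the role of `_caller`
    mapping(uint256 => uint256) public deposited;   // tokenId => amount
    constructor(address voter_) { voter = voter_; }

    // Check as quoted in the report: msg.sender is the Voter contract here,
    // which does not own the token, so this reverts when reached via vote().
    function depositAsReported(uint256 tokenId, uint256 amount) external {
        if (!IVoterLike(voter).ownerOf(tokenId, msg.sender)) revert NotOwner();
        deposited[tokenId] += amount;
    }

    // Recommended shape: Voter forwards the account that called vote().
    // The forwarded address is only trustworthy if the call is restricted to Voter.
    function depositForwarded(uint256 tokenId, address voteCaller, uint256 amount) external {
        require(msg.sender == voter, "only voter");
        if (!IVoterLike(voter).ownerOf(tokenId, voteCaller)) revert NotOwner();
        deposited[tokenId] += amount;
    }
}

contract VoterSketch is IVoterLike {
    mapping(uint256 => address) public tokenOwner;  // constructed ownership table
    RewarderSketch public rewarder;
    constructor() { rewarder = new RewarderSketch(address(this)); }

    function mint(uint256 tokenId) external { tokenOwner[tokenId] = msg.sender; }

    function ownerOf(uint256 tokenId, address account) external view returns (bool) {
        return tokenOwner[tokenId] == account;
    }

    // Always reverts with NotOwner(): the rewarder sees this contract as msg.sender.
    function voteAsReported(uint256 tokenId, uint256 amount) external {
        rewarder.depositAsReported(tokenId, amount);
    }

    // Succeeds for the token owner: the original caller is passed through explicitly.
    function voteForwarded(uint256 tokenId, uint256 amount) external {
        rewarder.depositForwarded(tokenId, msg.sender, amount);
    }
}
```

A regression test for the fix should call the vote path as the token owner and assert it does not revert, then call the rewarder's deposit function directly from a non-Voter address with the owner's address as the forwarded argument and assert that it does.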