iamnmt - Users can not claim from `BribeRewarder` when `Voter#getLatestFinishedPeriod()` is greater than `BribeRewarder#_lastVotingPeriod + 1` #145

sherlock-admin3 · 2024-07-15T13:10:24Z

iamnmt

High

Users can not claim from `BribeRewarder` when `Voter#getLatestFinishedPeriod()` is greater than `BribeRewarder#_lastVotingPeriod + 1`

Summary

When Voter#getLatestFinishedPeriod() is greater than BribeRewarder#_lastVotingPeriod + 1, there will be index out of bounds error when accessing the BribeRewarder#_rewards, which will prevent users from claiming rewards.

Vulnerability Detail

When a user creates a BribeRewarder and bribes, there will be _lastVotingPeriod - _startVotingPeriod + 2 RewardPerPeriod added to the _rewards array

https://github.com/sherlock-audit/2024-06-magicsea/blob/42e799446595c542eff9519353d3becc50cdba63/magicsea-staking/src/rewarders/BribeRewarder.sol#L248

When a user calls BribeRewarder#claim, the rewards is claimed from _startVotingPeriod to Voter#getLatestFinishedPeriod()

https://github.com/sherlock-audit/2024-06-magicsea/blob/42e799446595c542eff9519353d3becc50cdba63/magicsea-staking/src/rewarders/BribeRewarder.sol#L159

when Voter#getLatestFinishedPeriod() is greater than BribeRewarder#_lastVotingPeriod + 1, the BribeRewarder#_modify will revert because of accessing an index out of bounds at

https://github.com/sherlock-audit/2024-06-magicsea/blob/42e799446595c542eff9519353d3becc50cdba63/magicsea-staking/src/rewarders/BribeRewarder.sol#L274

Impact

Users can not claim from BribeRewarder when Voter#getLatestFinishedPeriod() is greater than BribeRewarder#_lastVotingPeriod + 1, which will result in DoS on BribeRewarder#claim and loss of funds.

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/42e799446595c542eff9519353d3becc50cdba63/magicsea-staking/src/rewarders/BribeRewarder.sol#L154

https://github.com/sherlock-audit/2024-06-magicsea/blob/42e799446595c542eff9519353d3becc50cdba63/magicsea-staking/src/rewarders/BribeRewarder.sol#L274

Tool used

Manual Review

Recommendation

endPeriod should be the minimum of Voter#getLatestFinishedPeriod() and BribeRewarder#_lastVotingPeriod

src/rewarders/BribeRewarder.sol:154

    function claim(uint256 tokenId) external override {
        uint256 endPeriod = IVoter(_caller).getLatestFinishedPeriod();
+       if (endPeriod > _lastVotingPeriod) {
+           endPeriod = _lastVotingPeriod
+       }

src/rewarders/BribeRewarder.sol:166

    function getPendingReward(uint256 tokenId) external view override returns (uint256 totalReward) {
        uint256 endPeriod = IVoter(_caller).getLatestFinishedPeriod();
+       if (endPeriod > _lastVotingPeriod) {
+           endPeriod = _lastVotingPeriod
+       }

Duplicate of #164

The text was updated successfully, but these errors were encountered:

github-actions bot closed this as completed Jul 21, 2024

github-actions bot added the Excluded Excluded by the judge without consulting the protocol or the senior label Jul 21, 2024

sherlock-admin4 added the Reward A payout will be made for this issue label Jul 29, 2024

chinmay-farkya mentioned this issue Jul 31, 2024

ChinmayF - Voters will lose all bribe rewards forever if they do not claim their rewards after the last bribing period #164

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

iamnmt - Users can not claim from `BribeRewarder` when `Voter#getLatestFinishedPeriod()` is greater than `BribeRewarder#_lastVotingPeriod + 1` #145

iamnmt - Users can not claim from `BribeRewarder` when `Voter#getLatestFinishedPeriod()` is greater than `BribeRewarder#_lastVotingPeriod + 1` #145

sherlock-admin3 commented Jul 15, 2024 •

edited by sherlock-admin4

Loading

iamnmt - Users can not claim from BribeRewarder when Voter#getLatestFinishedPeriod() is greater than BribeRewarder#_lastVotingPeriod + 1 #145

iamnmt - Users can not claim from BribeRewarder when Voter#getLatestFinishedPeriod() is greater than BribeRewarder#_lastVotingPeriod + 1 #145

Comments

sherlock-admin3 commented Jul 15, 2024 • edited by sherlock-admin4 Loading

Users can not claim from BribeRewarder when Voter#getLatestFinishedPeriod() is greater than BribeRewarder#_lastVotingPeriod + 1

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

iamnmt - Users can not claim from `BribeRewarder` when `Voter#getLatestFinishedPeriod()` is greater than `BribeRewarder#_lastVotingPeriod + 1` #145

iamnmt - Users can not claim from `BribeRewarder` when `Voter#getLatestFinishedPeriod()` is greater than `BribeRewarder#_lastVotingPeriod + 1` #145

sherlock-admin3 commented Jul 15, 2024 •

edited by sherlock-admin4

Loading

Users can not claim from `BribeRewarder` when `Voter#getLatestFinishedPeriod()` is greater than `BribeRewarder#_lastVotingPeriod + 1`