Reentrants - Bribe rewarder pool creation can be DoSed #16

sherlock-admin3 · 2024-07-15T12:37:24Z

Reentrants

Medium

Bribe rewarder pool creation can be DoSed

Summary

As the bribe rewarder pool creation is permissionless, and there is a cap to the number of bribe rewarders that can be created per pool (MAX_BRIBES_PER_POOL = 5), a malicious party can create rewarder pools with dummy tokens and large periods to DoS valid bribe rewarder pool creations.

Vulnerability Detail

Anyone can create a BribeRewarder through the RewardFactory with any ERC20 token. Upon funding the bribe pool, it calls Voter.onRegister(), which caps the number of rewarders that can be added. Hence, it would be possible for anyone to create many dummy pools that are seeded with minimal liquidity for long voting periods to block valid bribe rewarder creations.

POC

The setup can be found in the gist.
https://gist.github.com/Reentrants/50898e49155a13b9eddbe69ea52c1a19#file-e2etest-t-sol-L193-L204

For brevity, the case is linked below.

function test_DoS_bribe_creation() public {
  vm.startPrank(alice);
  for (uint i; i < 5; ++i) {
      bribeRewarder = BribeRewarder(payable(address(rewarderFactory.createBribeRewarder(IERC20(address(0)), address(tokenA)))));
      // 1000 periods, minimal wei amount per period
      bribeRewarder.fundAndBribe{value: 1000 wei}(1, 100, 1);
  }
  vm.startPrank(bob);
  bribeRewarder = BribeRewarder(payable(address(rewarderFactory.createBribeRewarder(IERC20(address(0)), address(tokenA)))));
  vm.expectRevert("too much bribes");
  bribeRewarder.fundAndBribe{value: 1000 wei}(1, 100, 1);
}

Impact

Users desiring to create a valid bribe rewarder pool cannot do so.

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/Voter.sol#L141
https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/rewarders/BribeRewarder.sol#L255

Tool used

Manual Review

Recommendation

Consider whitelisting the type of tokens that can be used as bribes, and enforcing a minimum amount per voting period for each token.

Duplicate of #190

The text was updated successfully, but these errors were encountered:

github-actions bot closed this as completed Jul 21, 2024

github-actions bot added duplicate Medium A Medium severity issue. labels Jul 21, 2024

sherlock-admin2 added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jul 22, 2024

sherlock-admin4 changed the title ~~Lone Opaque Mustang - Bribe rewarder pool creation can be DoSed~~ Reentrants - Bribe rewarder pool creation can be DoSed Jul 29, 2024

sherlock-admin4 added the Reward A payout will be made for this issue label Jul 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Reentrants - Bribe rewarder pool creation can be DoSed #16

Reentrants - Bribe rewarder pool creation can be DoSed #16

sherlock-admin3 commented Jul 15, 2024 •

edited by sherlock-admin4

Loading

Reentrants - Bribe rewarder pool creation can be DoSed #16

Reentrants - Bribe rewarder pool creation can be DoSed #16

Comments

sherlock-admin3 commented Jul 15, 2024 • edited by sherlock-admin4 Loading

Bribe rewarder pool creation can be DoSed

Summary

Vulnerability Detail

POC

Impact

Code Snippet

Tool used

Recommendation

sherlock-admin3 commented Jul 15, 2024 •

edited by sherlock-admin4

Loading