This repository has been archived by the owner on Jan 12, 2025. It is now read-only.
0xpranav - Voter can still vote even if remaining lock period is less then epoch period. #176
Comments
sherlock-admin3
added
the
Duplicate
sherlock-admin4
changed the title
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
0xpranav
Medium
Voter can still vote even if remaining lock period is less then epoch period.
Summary
User(Voter) can still vote even if the remaining lock period of staking position is less then epoch period.
Vulnerability Detail
In docs, it is stated that the voter needs to have overall lock period greater then 90 days and the remaining lock period is greater then epoch period(_period duration)see here:https://docs.magicsea.finance/protocol/magic/magic-lum-voting.
In voter.sol , line https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/Voter.sol#L175 checks for remaining lock period less then the epoch period. But the _mlumStaking.getStakingPosition(tokenId).lockDuration will return lock duration rather the remaining period as it does not store the remaining lock duration.
See here:https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L378
Impact
As a result , user will bypass the check even if the remaining lock period is less then epoch period. Can break functions which assume vote position is locked until epoch period.
Code Snippet
https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/Voter.sol#L175
Tool used
Manual Review
Recommendation
Create a getter function of remainingLock period of staking position.
Duplicate of #166
The text was updated successfully, but these errors were encountered: