This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

Silvermist - Voter.sol#vote - Users can continue voting after their lockDuration expire #243

Closed
sherlock-admin2 opened this issue Jul 15, 2024 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue

Comments


sherlock-admin2 commented Jul 15, 2024

Silvermist

Medium

Voter.sol#vote - Users can continue voting after their lockDuration expire

Summary

Users can continue using their staking after the lockDuration expires.

Vulnerability Detail

Users create positions by staking their money. With their position, they can vote for pools and earn rewards. Users can only vote for their lockDuration time. When their duration expires, they can withdraw their money or extend the lockDuration of their staking to continue participating in voting periods. They should NOT be able to vote for pools if their lockDuration expires. However, there is no check to prevent voting with an expired duration.

PoC

Paste the following test in Voter.t.sol

    function testVotingWithoutLockDuration() public {
        _stakingToken.mint(ALICE, 2 ether);

        // ALICE stakes 1 ether with a 100-day lock.
        vm.startPrank(ALICE);
        _stakingToken.approve(address(_pool), 1 ether);
        _pool.createPosition(1 ether, 100 days);
        vm.stopPrank();

        // Move time past the end of the lock.
        vm.warp(block.timestamp + 101 days);

        // DEV opens a new voting period after the lock has expired.
        vm.prank(DEV);
        _voter.startNewVotingPeriod();

        // The vote with position 1 goes through instead of reverting.
        vm.startPrank(ALICE);
        _voter.vote(1, _getDummyPools(), _getDeltaAmounts());

        assertLt(_pool.getStakingPosition(1).lockDuration, block.timestamp);
    }

Impact

Users can vote with expired staking.

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/42e799446595c542eff9519353d3becc50cdba63/magicsea-staking/src/Voter.sol#L153-L219

Tool used

Manual Review

Recommendation

Before voting, ensure the lockDuration is more than the block.timestamp.

        if (_mlumStaking.getStakingPosition(tokenId).lockDuration < block.timestamp) {
            revert IVoter__InsufficientLockTime();
        }

Duplicate of #166
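
An added illustration of the missing check described in this report, not part of the original issue and not MagicSea code. It is a self-contained model that places the unchecked vote path beside a hardened one; the contract, its function names, and the assumption that a position stores an absolute expiry timestamp (`lockEnd`) are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not MagicSea code. Assumption: each position stores an
// absolute expiry timestamp (lockEnd); all names here are hypothetical.
contract LockedVoteModel {
    struct Position { address owner; uint256 amount; uint256 lockEnd; }

    error NotOwner();
    error LockExpired(uint256 lockEnd, uint256 timestamp);

    mapping(uint256 => Position) public positions;
    mapping(uint256 => uint256) public votes; // tokenId => weight cast
    uint256 public nextId = 1;

    function createPosition(uint256 amount, uint256 duration) external returns (uint256 id) {
        id = nextId++;
        positions[id] = Position(msg.sender, amount, block.timestamp + duration);
    }

    // Extending the lock is how an expired position regains voting rights.
    function extendLock(uint256 id, uint256 duration) external {
        Position storage p = positions[id];
        if (p.owner != msg.sender) revert NotOwner();
        // Extend from the current expiry, or from now if already expired.
        uint256 base = p.lockEnd > block.timestamp ? p.lockEnd : block.timestamp;
        p.lockEnd = base + duration;
    }

    // Behaviour described in the report: ownership is checked, expiry is not,
    // so a position whose lock has ended still casts its full weight.
    function voteUnchecked(uint256 id) external {
        Position storage p = positions[id];
        if (p.owner != msg.sender) revert NotOwner();
        votes[id] += p.amount;
    }

    // Hardened form: reject the vote once the lock has ended. In this model
    // the lock counts as ended at exactly lockEnd.
    function voteChecked(uint256 id) external {
        Position storage p = positions[id];
        if (p.owner != msg.sender) revert NotOwner();
        if (block.timestamp >= p.lockEnd) revert LockExpired(p.lockEnd, block.timestamp);
        votes[id] += p.amount;
    }
}
```

A regression test for the real fix should cover three cases: a vote before expiry succeeds, a vote after expiry reverts, and a vote after the lock is extended succeeds again.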

@github-actions github-actions bot added duplicate High A High severity issue. labels Jul 21, 2024
@sherlock-admin3 sherlock-admin3 added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jul 22, 2024
@sherlock-admin4 sherlock-admin4 changed the title Quick Mahogany Viper - Voter.sol#vote - Users can continue voting after their lockDuration expire Silvermist - Voter.sol#vote - Users can continue voting after their lockDuration expire Jul 29, 2024
@sherlock-admin4 sherlock-admin4 added the Reward A payout will be made for this issue label Jul 29, 2024