You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 12, 2025. It is now read-only.
DoS by the Incorrect validation in function BribeRewarder.sol#_modify().
Summary
BribeRewarder.sol#deposit() is DoSed because of the incorrect validation in the BribeRewarder.sol#_modify() function.
Vulnerability Detail
The BribeRewarder.sol#deposit() is the function that Deposits votes for the given period and tokenId, only the voter contract can call this function by the onlyVoter() modifier.
The BribeRewarder.sol#deposit() is as follows.
function deposit(uint256periodId, uint256tokenId, uint256deltaAmount) public onlyVoter {
_modify(periodId, tokenId, deltaAmount.toInt256(), false);
emitDeposited(periodId, tokenId, _pool(), deltaAmount);
}
As you can see above this code snippet, the _modify() function is called in the deposit() function, so here the caller (msg.sender) is the Voter contract.
However, the _modify() function checks whether the caller is the owner of tokenId.
function _modify(uint256periodId, uint256tokenId, int256deltaAmount, boolisPayOutReward)
privatereturns (uint256rewardAmount)
{
264: if (!IVoter(_caller).ownerOf(tokenId, msg.sender)) {
265: revertBribeRewarder__NotOwner();
266: }
...SNIP
}
But the caller (msg.sender) cannot be the owner of tokenId (staking position), so it is reverted.
Impact
BribeRewarder.sol#deposit() is always reverted, so the vote() function of the Voter contract does not work correctly. As a result, the core function of the protocol is damaged.
sherlock-admin4
changed the title
Abundant Pickle Rattlesnake - DoS by the Incorrect validation in function BribeRewarder.sol#_modify().
blockchain555 - DoS by the Incorrect validation in function BribeRewarder.sol#_modify().
Jul 29, 2024
blockchain555
Medium
DoS by the Incorrect validation in function
BribeRewarder.sol#_modify()
.Summary
BribeRewarder.sol#deposit()
is DoSed because of the incorrect validation in theBribeRewarder.sol#_modify()
function.Vulnerability Detail
The
BribeRewarder.sol#deposit()
is the function that Deposits votes for the given period and tokenId, only the voter contract can call this function by theonlyVoter()
modifier.The
BribeRewarder.sol#deposit()
is as follows.As you can see above this code snippet, the
_modify()
function is called in thedeposit()
function, so here the caller (msg.sender
) is theVoter
contract.However, the
_modify()
function checks whether the caller is the owner oftokenId
.But the caller (
msg.sender
) cannot be the owner oftokenId
(staking position), so it is reverted.Impact
BribeRewarder.sol#deposit()
is always reverted, so thevote()
function of theVoter
contract does not work correctly. As a result, the core function of the protocol is damaged.Code Snippet
https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/rewarders/BribeRewarder.sol#L143-L147
https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/rewarders/BribeRewarder.sol#L260-L298
Tool used
Manual Review
Recommendation
The
BribeRewarder.sol#_modify()
function has to be modified as follows.Duplicate of #39
The text was updated successfully, but these errors were encountered: