Skip to content
This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

araj - Wrong input validation while checking for locked position in Voter.sol #29

Closed
sherlock-admin4 opened this issue Jul 15, 2024 · 0 comments
Closed

araj - Wrong input validation while checking for locked position in Voter.sol #29

sherlock-admin4 opened this issue Jul 15, 2024 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue

Comments

@sherlock-admin4
Copy link

sherlock-admin4 commented Jul 15, 2024
edited
Loading

araj

High

Wrong input validation while checking for locked position in Voter.sol

Summary

Wrong input validation while checking for locked position in Voter.sol

Vulnerability Detail

For a user to vote using Voter::vote(), _minimumLockTime should be greater than initialLockDuration and position should be locked.

While checking for locked position, it checks position.lockDuration and this can be issue because lockDuration can be greater than _periodDuration but position is not locked

 @>  if (_mlumStaking.getStakingPosition(tokenId).lockDuration < _periodDuration) {
            revert IVoter__InsufficientLockTime();
        }

// How this works

  1. User created a position in MlumStaking.sol with lockDuration = 3 Months, which sets initialLockDuration as well as lockDuration = 3 Months
   // create position
       _stakingPositions[currentTokenId] = StakingPosition({
      @>     initialLockDuration: lockDuration,
           amount: amount,
           rewardDebt: amountWithMultiplier * (_accRewardsPerShare) / (PRECISION_FACTOR),
      @>     lockDuration: lockDuration,
           startLockTime: _currentBlockTimestamp(),
           lockMultiplier: lockMultiplier,
           amountWithMultiplier: amountWithMultiplier,
           totalMultiplier: lockMultiplier
       });
  1. After 3 Months, user position will be unlocked, but user can still vote and bypass the above check because lockDuration is still 3 months, which is greater than _periodDuration ie 14 days

Impact

Users with unlocked position can also vote

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/Voter.sol#L175C7-L177C10
https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L374C7-L383C12

Tool used

Manual Review

Recommendation

Check the position's remaining locked time(MlumStaking::_remainingLockTime()) instead of lockDuration & compare it with _periodDuration

Duplicate of #166
@github-actions github-actions bot added duplicate High A High severity issue. labels Jul 21, 2024
@sherlock-admin3 sherlock-admin3 added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jul 22, 2024
@sherlock-admin4 sherlock-admin4 changed the title Deep Rose Mandrill - Wrong input validation while checking for locked position in Voter.sol araj - Wrong input validation while checking for locked position in Voter.sol Jul 29, 2024
@sherlock-admin4 sherlock-admin4 added the Reward A payout will be made for this issue label Jul 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin3 @sherlock-admin4