This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

Honour - DOS on voting for pools with bribeRewarder due to incorrect check on _modify #297

Closed
sherlock-admin3 opened this issue Jul 15, 2024 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue

Comments


sherlock-admin3 commented Jul 15, 2024

Honour

High

DOS on voting for pools with bribeRewarder due to incorrect check on _modify

Summary

Voting for pools with a bribeRewarder reverts due to incorrect logic in _modify

Vulnerability Detail

During voting, the voter contract calls the deposit function on the respective bribeRewarder, which in turn calls the _modify function. However, the _modify function reverts if the msg.sender is not the token owner, which means that it's not possible to vote for pools with a bribeRewarder.

Impact

Voting for pools with a bribeRewarder reverts

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/Voter.sol#L221-L229

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/rewarders/BribeRewarder.sol#L143-L147

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/rewarders/BribeRewarder.sol#L264-L266

Tool used

Manual Review

Recommendation

 function _modify(uint256 periodId, uint256 tokenId, int256 deltaAmount, bool isPayOutReward)
        private
        returns (uint256 rewardAmount)
    {
-       if (!IVoter(_caller).ownerOf(tokenId, msg.sender)) {
-           revert BribeRewarder__NotOwner();
-       }

+       if (msg.sender != _caller &&  !IVoter(_caller).ownerOf(tokenId, msg.sender) ) {
+           revert BribeRewarder__NotOwner();
+       }
    }
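
Review bot: in the added condition, `msg.sender != _caller && ...` skips the `ownerOf` check entirely whenever the call comes from `_caller`, so for that path ownership of `tokenId` is enforced only by whatever `_caller` verified before calling in. Please add a comment on the check stating that the voter is trusted to validate the token owner, and confirm that the voter's vote path does so for every `tokenId` it forwards. Minor style point on the same line: there is a doubled space after `&&` and a stray space before the closing parenthesis.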

Duplicate of #39
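
The call chain described under Vulnerability Detail, as an added example that is not part of the original report or the MagicSea code base: a reduced Solidity model showing why `msg.sender` inside the rewarder is the voter contract rather than the user. `VoterModel`, `RewarderModel`, `depositOriginal`, `depositPatched`, `mint` and `vote` are hypothetical names, and the owner check inside `vote` is an assumption about what the voter validates.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model (assumption): only the ownership check and the
// voter -> rewarder call from the report are kept.
interface IVoterLike {
    function ownerOf(uint256 tokenId, address account) external view returns (bool);
}

contract RewarderModel {
    error NotOwner();
    address public immutable caller; // the voter contract, `_caller` in the report
    mapping(uint256 => uint256) public deposited;

    constructor(address voter) { caller = voter; }

    // Original check: when called through the voter, msg.sender is the voter
    // contract, which owns no token, so the check fails for every vote.
    function depositOriginal(uint256 tokenId, uint256 amount) external {
        if (!IVoterLike(caller).ownerOf(tokenId, msg.sender)) revert NotOwner();
        deposited[tokenId] += amount;
    }

    // Recommended check: the voter is let through, anyone else must own the token.
    function depositPatched(uint256 tokenId, uint256 amount) external {
        if (msg.sender != caller && !IVoterLike(caller).ownerOf(tokenId, msg.sender)) revert NotOwner();
        deposited[tokenId] += amount;
    }
}

contract VoterModel is IVoterLike {
    mapping(uint256 => address) public tokenOwner;
    RewarderModel public rewarder;

    constructor() { rewarder = new RewarderModel(address(this)); }

    function mint(uint256 tokenId) external { tokenOwner[tokenId] = msg.sender; }

    function ownerOf(uint256 tokenId, address account) external view returns (bool) {
        return tokenOwner[tokenId] == account;
    }

    // The voter validates the token owner itself, then forwards to the rewarder.
    function vote(uint256 tokenId, uint256 amount, bool patched) external {
        require(tokenOwner[tokenId] == msg.sender, "not owner");
        if (patched) rewarder.depositPatched(tokenId, amount);
        else rewarder.depositOriginal(tokenId, amount);
    }
}
```

Because the patched path trusts the voter unconditionally, the `require` in `vote` is the only owner check left for votes in this model.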

@github-actions github-actions bot added duplicate High A High severity issue. labels Jul 21, 2024
@sherlock-admin2 sherlock-admin2 added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jul 22, 2024
@sherlock-admin4 sherlock-admin4 changed the title Slow Indigo Butterfly - DOS on voting for pools with bribeRewarder due to incorrect check on _modify Honour - DOS on voting for pools with bribeRewarder due to incorrect check on _modify Jul 29, 2024
@sherlock-admin4 sherlock-admin4 added the Reward A payout will be made for this issue label Jul 29, 2024