Skip to content
This repository was archived by the owner on Jan 12, 2025. It is now read-only.

pashap9990 - ‌Bribe givers cannot sweep their residual assets #315

Closed
sherlock-admin4 opened this issue Jul 15, 2024 · 1 comment
Closed

pashap9990 - ‌Bribe givers cannot sweep their residual assets #315

sherlock-admin4 opened this issue Jul 15, 2024 · 1 comment
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue

Comments

@sherlock-admin4
Copy link

sherlock-admin4 commented Jul 15, 2024
edited by WangSecurity
Loading

pashap9990

Medium

‌Bribe givers cannot sweep their residual assets

Summary

Bribe givers deposit assets into BribeRewarder to make some pools attractive for voters but in some cases its possible anyone don't vote to that pool hence assets of ‌bribe givers will be locked in BribeRewarder for ever and
based on docs

Bribes as an additional incentive to vote can be claimed 24-48 hours after an epoch has ended. Voters can claim the rewards until the next epoch is ended. Unclaimed rewards will be sent back to the briber

Vulnerability Detail

any rewarder extended from BaseRewarder they have sweep function for repay left over assets to rewarder's owner but because BribeRewarder doesn't extend from BaseRewarder hence that hasn't any functionality for sweep residual assets

Impact

there is no way for repay leftover assets to bribe giver

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/rewarders/BribeRewarder.sol#L31

Tool used

Manual Review

Recommendation

Its better to add sweep function to BribeRewarder

Duplicate of #172
@github-actions github-actions bot added duplicate Medium A Medium severity issue. labels Jul 21, 2024
@sherlock-admin4 sherlock-admin4 added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jul 22, 2024
@0xSmartContract 0xSmartContract added High A High severity issue. and removed Medium A Medium severity issue. labels Jul 29, 2024
@sherlock-admin4 sherlock-admin4 changed the title Chilly Iris Parakeet - ‌Bribe givers cannot sweep their residual assets pashap9990 - ‌Bribe givers cannot sweep their residual assets Jul 29, 2024
@sherlock-admin4 sherlock-admin4 added the Reward A payout will be made for this issue label Jul 29, 2024
@chinmay-farkya chinmay-farkya mentioned this issue Jul 31, 2024
Open
@WangSecurity
Copy link

Now a duplicate of #172, based on #164 (comment) and #164 (comment) comments.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@0xSmartContract @WangSecurity @sherlock-admin4