Skip to content
This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

jsmi - Not allowed staking position can vote for LUM emissions. #32

Closed
sherlock-admin4 opened this issue Jul 15, 2024 · 0 comments
Closed

jsmi - Not allowed staking position can vote for LUM emissions. #32

sherlock-admin4 opened this issue Jul 15, 2024 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue

Comments

@sherlock-admin4
Copy link

sherlock-admin4 commented Jul 15, 2024
edited
Loading

jsmi

High

Not allowed staking position can vote for LUM emissions.

Summary

The staking position whose remaining lock period is less than epoch time can vote for LUM emissions.

Vulnerability Detail

The MagicSea DOCS describes as follows.

Only valid Magic LUM Staking Position are allowed to vote. The overall lock needs to be longer then 90 days and the remaining lock period needs to be longer than the epoch time. 1 Magic LUM = 1 Vote

However, the implementation of Voter::vote is the following.

    function vote(uint256 tokenId, address[] calldata pools, uint256[] calldata deltaAmounts) external {
        ......

        // check if _minimumLockTime >= initialLockDuration and it is locked
        if (_mlumStaking.getStakingPosition(tokenId).initialLockDuration < _minimumLockTime) {
            revert IVoter__InsufficientLockTime();
        }
175:    if (_mlumStaking.getStakingPosition(tokenId).lockDuration < _periodDuration) {
            revert IVoter__InsufficientLockTime();
        }

        ......
    }

As shown above, L175 doesn't ensure that the staking position is locked.

Impact

The staking position whose remaining lock period is less than epoch time or even expired can vote for LUM emissions.

Code Snippet

Tool used

Manual Review

Recommendation

It is recommended that modify Voter::vote as the following.

    function vote(uint256 tokenId, address[] calldata pools, uint256[] calldata deltaAmounts) external {
        ......

        // check if _minimumLockTime >= initialLockDuration and it is locked
        if (_mlumStaking.getStakingPosition(tokenId).initialLockDuration < _minimumLockTime) {
            revert IVoter__InsufficientLockTime();
        }
-       if (_mlumStaking.getStakingPosition(tokenId).lockDuration < _periodDuration) {
+       if (_mlumStaking.getStakingPosition(tokenId).startLockTime + _mlumStaking.getStakingPosition(tokenId).lockDuration < block.timestamp + _periodDuration) {
            revert IVoter__InsufficientLockTime();
        }

        ......
    }

Duplicate of #166
@github-actions github-actions bot added duplicate High A High severity issue. labels Jul 21, 2024
@sherlock-admin3 sherlock-admin3 added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jul 22, 2024
@sherlock-admin4 sherlock-admin4 changed the title Swift Sage Gerbil - Not allowed staking position can vote for LUM emissions. jsmi - Not allowed staking position can vote for LUM emissions. Jul 29, 2024
@sherlock-admin4 sherlock-admin4 added the Reward A payout will be made for this issue label Jul 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin3 @sherlock-admin4