This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

jah - a user can still receive a reward even after the lock expires #530

Closed
sherlock-admin3 opened this issue Jul 15, 2024 · 1 comment
Labels
Non-Reward This issue will not receive a payout

Comments

sherlock-admin3 commented Jul 15, 2024

jah

High

a user can still receive a reward even after the lock expires

Summary

There is no check to force the user to lock again after the lock has expired.

Vulnerability Detail

The function harvestPosition is used to receive the reward, but there is no check whether the lock has expired, which will lead to a user receiving a reward even after the lock has expired.

Impact

A user can lock for some time and still receive rewards after the lock has expired.

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L442

Tool used

Manual Review

Recommendation

Add a check that prevents a user from receiving a reward after the lock has expired.

github-actions bot added the `duplicate` and `High` labels on Jul 21, 2024
sherlock-admin2 added the `Duplicate` label on Jul 22, 2024
sherlock-admin4 changed the title from "Round Currant Eel - a user can still receive a reward even after the lock expires" to "jah - a user can still receive a reward even after the lock expires" on Jul 29, 2024
sherlock-admin4 added the `Reward` label on Jul 29, 2024
@WangSecurity

Invalid based on the discussion under #6 and #166

WangSecurity removed the `High` and `Duplicate` labels on Aug 18, 2024
sherlock-admin2 added the `Non-Reward` label and removed the `Reward` label on Aug 18, 2024