web3pwn - Denial of Service attack for bribe mechanism

[sherlock-admin3]

web3pwn

High

Denial of Service attack for bribe mechanism

Summary

The process of providing bribes for voting in a pool involves creating a BribeRewarder using RewardFactory, funding it, and registering it through the Voter contract's onRegister function. However, a limit of 5 rewarders per pool creates a vulnerability where attackers could saturate a pool with ineffective BribeRewarders and preventing legitimate participation.

Vulnerability Detail

To provide bribes for voting in a pool, one must use RewardFactory to create a BribeRewarder. After creation, the owner can fund it and execute the bribe logic, registering the BribeRewarder as a rewarder for the pool in the Voter contract through the onRegister function. However, a limitation allows a maximum of 5 BribeRewarders per pool. This could enable an attacker to create 5 BribeRewarders without valuable bribes and register them for a targeted pool. This action prevents legitimate BribeRewarders from registering as a rewarder for the pool, discouraging users from voting for it.

Impact

The attacker can prevent legitimate bribe rewarders from offering bribes for the given pool, effectively discouraging users from voting for it.

Code Snippet

• https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/Voter.sol#L141

Tool used

Manual Review

Recommendation

It is recommended to redesign the logic in a way it will be not possible to prevent legitimate bribers from participating.

Duplicate of #190