This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

web3pwn - The vote function does not work in case there is BribeRewarder assigned to the pool #99

Closed
sherlock-admin2 opened this issue Jul 15, 2024 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue

Comments


sherlock-admin2 commented Jul 15, 2024

web3pwn

High

The vote function does not work in case there is BribeRewarder assigned to the pool

Summary

The vote function reverts when a BribeRewarder is assigned due to an incorrect ownership check in its deposit function. This check, intended for the claim function where users claim rewards, incorrectly verifies ownership when called by the Voter contract during voting.

Vulnerability Detail

The vote function does not work when a BribeRewarder is assigned to the pool due to an incorrect check in the BribeRewarder contract. The deposit function of BribeRewarder is called by the Voter while voting. The issue is that the _modify function checks if the msg.sender is the owner of the tokenId. This logic is correct for the claim function where the user claims rewards and is the owner of the tokenId, but not for the deposit function where the msg.sender is the Voter contract.

Issue Scenario:

  1. There is a pool to vote for.
  2. The BribeRewarder was added to provide bribes for the pool.
  3. The user tries to vote for the pool.
  4. The call always reverts because the Voter calls the deposit function of BribeRewarder, which triggers _modify to check if the msg.sender is the owner of tokenId.
  5. This is incorrect since the msg.sender is the Voter contract in this context.

Impact

It is not possible to vote for any pools that have a BribeRewarder assigned (core functionality of the protocol).

Code Snippet

Tool used

Manual Review

Recommendation

It is recommended to update the deposit logic to ensure it is possible to correctly vote for the pools.

Duplicate of #39
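
The caller mismatch described in the report, as an added example that is not the project's code and not part of the original issue: a simplified model in which `depositAsReported` reproduces the shared ownership check on `msg.sender`, while `deposit` and `claim` show one way to separate the two checks. The contract name, the `IOwnerOf` registry, all function signatures and the split itself are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model; every name and signature below is hypothetical.
interface IOwnerOf { function ownerOf(uint256 tokenId) external view returns (address); }

contract BribeRewarderModel {
    IOwnerOf public immutable positions; // registry mapping tokenId to its owner
    address public immutable voter;      // the Voter contract that calls deposit()
    mapping(uint256 => uint256) public deposited;

    error NotOwner();
    error NotVoter();

    constructor(IOwnerOf positions_, address voter_) {
        positions = positions_;
        voter = voter_;
    }

    // As reported: deposit and claim share one ownership check on msg.sender.
    // During a vote, msg.sender is the Voter, never the token owner, so this
    // path reverts for every pool that has a rewarder attached.
    function depositAsReported(uint256 tokenId, uint256 amount) external {
        _modifyAsReported(tokenId, amount);
    }

    function _modifyAsReported(uint256 tokenId, uint256 amount) internal {
        if (positions.ownerOf(tokenId) != msg.sender) revert NotOwner();
        deposited[tokenId] += amount;
    }

    // Separated checks: deposit authenticates the Voter, which is assumed to
    // have verified the tokenId owner itself before calling in.
    function deposit(uint256 tokenId, uint256 amount) external {
        if (msg.sender != voter) revert NotVoter();
        deposited[tokenId] += amount;
    }

    // claim keeps the ownership check, because here the user is msg.sender.
    function claim(uint256 tokenId) external returns (uint256 amount) {
        if (positions.ownerOf(tokenId) != msg.sender) revert NotOwner();
        amount = deposited[tokenId]; // stands in for the reward accounting
        deposited[tokenId] = 0;
    }
}
```

A regression test for this class of bug should call the vote path from a token owner's address with a rewarder attached and assert that it succeeds, and separately assert that a direct `deposit` from a non-Voter address reverts.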

@github-actions github-actions bot added duplicate High A High severity issue. labels Jul 21, 2024
@sherlock-admin4 sherlock-admin4 added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Jul 22, 2024
@sherlock-admin4 sherlock-admin4 changed the title Blunt Carmine Camel - The vote function does not work in case there is BribeRewarder assigned to the pool web3pwn - The vote function does not work in case there is BribeRewarder assigned to the pool Jul 29, 2024
@sherlock-admin4 sherlock-admin4 added the Reward A payout will be made for this issue label Jul 29, 2024