Closed sherlock-admin3 closed 2 months ago
This is an architectural choice. A tokenId can only vote once in a period, making voting simple and manageable. This approach helps maintain the integrity and accuracy of voting processes.
Escalate If it's a design choice, I can't say it should be solved, but I believe this approach is not user-friendly when compared with my approach. It's my first contest on Sherlock and I don't know how these processes work here, but I really wonder what the sponsor's idea about it is, if we're able to ask.
The escalation could not be created because you are not exceeding the escalation threshold.
You can view the required number of additional valid issues/judging contest payouts in your Profile page, in the Sherlock webapp.
TessKimy
Medium
Wrong execution flow of vote function prevents users from using their voting power
Summary
While the voting period is active, a user can't use their own voting power across different transactions due to wrong validation checks.
Vulnerability Detail
Let's say Alice created a position using 2 ether for 2 weeks and she wants to vote for pool X with 50% of her voting power. Voting power is defined by the following line:
uint256 votingPower = _pool.getStakingPosition(AliceTokenId).amountWithMultiplier;
After calling vote() for the first time, her tokenId is excluded from all other voting operations without checking how much of her voting power was actually used.
Impact
This is core system functionality. Voting power should always equal her position amount with multiplier, but a user can't spend it in separate transactions due to the wrong execution sequence.
Code Snippet
https://github.com/sherlock-audit/2024-06-magicsea/blob/42e799446595c542eff9519353d3becc50cdba63/magicsea-staking/src/Voter.sol#L167C1-L169C10
Proof of Concept
The following test function can be used for testing:
It logged the following lines:
Tool used
Manual Review
Recommendation
Storing the voted amount in storage will solve the problem (the variable name should be reconsidered):
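The two accounting patterns discussed in this issue, written out as an added example that is not the report's own snippet and not code from the MagicSea Voter.sol: voteFlagged keeps a single per-period boolean per tokenId, which is the behaviour the report describes, and voteTracked stores the voting power already spent, which is the recommended fix. The contract is self-contained: amountWithMultiplier is a hypothetical stand-in for _pool.getStakingPosition(tokenId).amountWithMultiplier, the function and mapping names are assumptions, and tokenId ownership checks are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this report; not code from the MagicSea Voter.sol.
// The staking pool lookup is replaced by a hypothetical mapping so the
// contract is self-contained, and ownership checks on the tokenId are omitted.
contract VoterAccountingExample {
    uint256 public currentPeriod;

    // Hypothetical stand-in for _pool.getStakingPosition(tokenId).amountWithMultiplier.
    mapping(uint256 => uint256) public amountWithMultiplier;

    // Pattern the report describes: a single flag per (period, tokenId).
    mapping(uint256 => mapping(uint256 => bool)) public hasVotedInPeriod;

    // Recommended pattern: voting power already spent per (period, tokenId).
    mapping(uint256 => mapping(uint256 => uint256)) public usedVotingPower;

    // Votes received per (period, pool).
    mapping(uint256 => mapping(address => uint256)) public poolVotes;

    function setPosition(uint256 tokenId, uint256 amount) external {
        amountWithMultiplier[tokenId] = amount;
    }

    function advancePeriod() external {
        currentPeriod += 1;
    }

    // Flag-based check: the first vote locks the tokenId for the rest of the
    // period, so voting 50% now and the other 50% later reverts on the second call.
    function voteFlagged(uint256 tokenId, address pool, uint256 amount) external {
        require(!hasVotedInPeriod[currentPeriod][tokenId], "tokenId already voted this period");
        require(amount <= amountWithMultiplier[tokenId], "amount exceeds voting power");
        hasVotedInPeriod[currentPeriod][tokenId] = true;
        poolVotes[currentPeriod][pool] += amount;
    }

    // Amount-based check: the position can be spent across several transactions
    // in the same period, and the total can never exceed amountWithMultiplier.
    function voteTracked(uint256 tokenId, address pool, uint256 amount) external {
        uint256 used = usedVotingPower[currentPeriod][tokenId];
        uint256 remaining = amountWithMultiplier[tokenId] - used; // reverts on underflow in 0.8
        require(amount <= remaining, "amount exceeds remaining voting power");
        usedVotingPower[currentPeriod][tokenId] = used + amount;
        poolVotes[currentPeriod][pool] += amount;
    }

    // Remaining voting power for a tokenId in the current period.
    function remainingVotingPower(uint256 tokenId) external view returns (uint256) {
        return amountWithMultiplier[tokenId] - usedVotingPower[currentPeriod][tokenId];
    }
}
```

With Alice's position set via setPosition, two voteTracked calls for half of amountWithMultiplier each succeed and remainingVotingPower then returns 0, while the second of two voteFlagged calls for the same tokenId reverts even though half of her power is unused. The tracked variant also rejects a total above the position in the same period, so splitting votes does not weaken the once-per-period guarantee on total weight.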