0xweebad - INCONSISTENT DATA LOCATION IN remainingLockTime() function in MLumStaking.sol contract MAY LEAD TO DISCREPANCIES

[sherlock-admin3]

0xweebad

Medium

INCONSISTENT DATA LOCATION IN remainingLockTime() function in MLumStaking.sol contract MAY LEAD TO DISCREPANCIES

Summary

In addToPosition function of the MlumStaking.sol contract, there's a call to _remainingLockTime function. Now, this function calculates the remaining lock duration of a position. There seems to be an inconsistent data location of the parameter argument that's passed into the _remainingLockTime function

Vulnerability Detail

1. The remainingLockTime function itself takes a function argument, StakingPosition struct, that's cached in memory. #See Below https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L430

2. However, in addToPosition function, the argument that's passed into the remainingLockTime function call is cached in storage data location. https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L409

   • See that the position argument that's passed into the remainingLockTime is cached in storage. # See Below https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L405

Impact

Such inconsistencies in data location may give rise to discrepancies in the accounting of remaining lock duration within this said function.

Code Snippet

Tool used

Manual Review

Recommendation

Change the parameter argument of the remainingLockTime() function from StakingPosition memory position to StakingPosition storage position so as to match the call in addToPosition.

[0xSmartContract]

No loss of funds and low impact