search

sherlock-audit / 2024-06-magicsea-judging

2 stars 0 forks source link

0xAadi - `IMasterChefRewarder` interface is not defined `onModify()` cause DoS on `MasterChefV2` contract #634

Closed sherlock-admin2 closed 1 month ago

sherlock-admin2 commented 2 months ago

0xAadi

Medium

IMasterChefRewarder interface is not defined onModify() cause DoS on MasterChefV2 contract

Summary

There is no function called onModify() defined in the IMasterChefRewarder interface, but the MasterChefV2._modify() function calls this function, causing the transaction to revert.

Vulnerability Detail

The vulnerability lies in the following code:

            extraRewarder.onModify(account, pid, oldBalance, newBalance, oldTotalSupply);

But the IMasterChefRewarder interface is not defined the onModify() function

Impact

Since the MasterChefV2._modify() function is used by several other functions, this causes a Denial of Service (DoS) on MasterchefV2.emergencyWithdraw(), MasterchefV2.depositOnBehalf(), MasterchefV2.deposit(), MasterchefV2.withdraw(), and MasterchefV2.claim().

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MasterchefV2.sol#L560

Tool used

Manual Review

Recommendation

Define the onModify() function in the IMasterChefRewarder interface.

0xSmartContract commented 1 month ago

Considering the Solidity documentation and ABI coding, it appears that the two interfaces have the same address type and are therefore compatible during the calls.

False