ownerOf check will revert, when deposit function calls _modify, because msg.sender will be the Voter contract
Vulnerability Detail
When someone vote, the Voter.sol is calling the deposit function, which has onlyVoter modifier - which check if msg.sender = address(_caller). Than 'deposit' call '_modify', where msg.sender must be the owner of the tokenId, but it will be the Voter contract - the transaction will revert.
Impact
Can not vote for pools, that have bribe rewarders.
Yanev
Medium
revert in BribeRewarder.sol
Summary
ownerOf check will revert, when
depositfunction calls_modify, because msg.sender will be the Voter contractVulnerability Detail
When someone vote, the Voter.sol is calling the
depositfunction, which hasonlyVotermodifier - which check ifmsg.sender = address(_caller). Than 'deposit' call '_modify', where msg.sender must be the owner of the tokenId, but it will be the Voter contract - the transaction will revert.Impact
Can not vote for pools, that have bribe rewarders.
Code Snippet
https://github.com/sherlock-audit/2024-06-magicsea/blob/42e799446595c542eff9519353d3becc50cdba63/magicsea-staking/src/rewarders/BribeRewarder.sol#L143-L147 https://github.com/sherlock-audit/2024-06-magicsea/blob/42e799446595c542eff9519353d3becc50cdba63/magicsea-staking/src/rewarders/BribeRewarder.sol#L264-L266
Tool used
Manual Review
Recommendation
remove the
ownerOfcheck.Duplicate of #39