Closed sherlock-admin3 closed 1 month ago
Now a duplicate of https://github.com/sherlock-audit/2024-06-magicsea-judging/issues/172, based on https://github.com/sherlock-audit/2024-06-magicsea-judging/issues/164#issuecomment-2260716700 and https://github.com/sherlock-audit/2024-06-magicsea-judging/issues/164#issuecomment-2282808949 comments.
slowfi
Medium
Funds Can Get Stucked on
BribeRewarder
contractSummary
The
BribeRewarder
does not offer a way to recover funds that can be stuck during normal protocol operations.Vulnerability Detail
There two main scenarios where funds can get locked inside
BribeRewarder
contract.bribe
function. In this case, the user needs to send the amount that is bigger or equal than the number of periods multiplied by the amount per period. However if the previous transfer amount is bigger the excessive tokens are stuck in the contract.Impact
Unnecessary lock of funds on the contracts.
BribeRewarder.sol#L132C1-L134C6
Tool used
Manual Review
Recommendation
Allow to withdraw the excessive amount of tokens or native tokens to the owner in case no rewards require to be distributed or the transfer amount was over calculated.
Duplicate of #172