Incorrect calculation order in the MlumStaking.addToPosition() function when using fee-on-transfer tokens
Summary
In the addToPosition() function, the transfer of tokens occurs after the calculation of the avgDuration. When using fee-on-transfer tokens, the actual amount received is smaller than the amount sent. This leads to an incorrect calculation of the avgDuration value.
Vulnerability Detail
When the stakedToken is a fee-on-transfer token, the actual received amount is smaller than the original amountToAdd. So, the calculation of avgDuration at L410 is done incorrectly, as it uses the original amountToAdd before the transfer. As a result, the lockDuration and the voting power are also incorrectly updated.
KupiaSec
Medium
Incorrect calculation order in the
MlumStaking.addToPosition()function when usingfee-on-transfertokensSummary
In the
addToPosition()function, the transfer of tokens occurs after the calculation of theavgDuration. When usingfee-on-transfertokens, the actual amount received is smaller than the amount sent. This leads to an incorrect calculation of theavgDurationvalue.Vulnerability Detail
When the
stakedTokenis afee-on-transfertoken, the actual received amount is smaller than the originalamountToAdd. So, the calculation ofavgDurationatL410is done incorrectly, as it uses the originalamountToAddbefore the transfer. As a result, thelockDurationand the voting power are also incorrectly updated.Impact
Voting power is incorrectly updated when adding to existing positions.
Code Snippet
https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L397-L428
Tool used
Manual Review
Recommendation
The token transfer should be completed before the calculation of
avgDurationis performed.Duplicate of #545