Position creation has missing _maxGlobalMultiplier limiter check on totalMultiplier
Summary
A new position's totalMultiplier is directly set to lockMultiplier, but it lacks the _maxGlobalMultiplier check that is enforced in _updateBoostMultiplierInfoAndRewardDebt().
Vulnerability Detail
_updateBoostMultiplierInfoAndRewardDebt() has a check to ensure that a modified position's totalMultiplier does not exceed _maxGlobalMultiplier. However, when creating a position, this check is not done.
Hence, should the configured _maxLockMultiplier exceed _maxGlobalMultiplier, the newly created position would have a larger than allowed total multiplier.
Impact
Initial totalMultiplier may exceed _maxGlobalMultiplier.
Lone Opaque Mustang
Low/Info
Position creation has missing
_maxGlobalMultiplierlimiter check ontotalMultiplierSummary
A new position's
totalMultiplieris directly set tolockMultiplier, but it lacks the_maxGlobalMultipliercheck that is enforced in_updateBoostMultiplierInfoAndRewardDebt().Vulnerability Detail
_updateBoostMultiplierInfoAndRewardDebt()has a check to ensure that a modified position'stotalMultiplierdoes not exceed_maxGlobalMultiplier. However, when creating a position, this check is not done.Hence, should the configured
_maxLockMultiplierexceed_maxGlobalMultiplier, the newly created position would have a larger than allowed total multiplier.Impact
Initial
totalMultipliermay exceed_maxGlobalMultiplier.Code Snippet
https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/MlumStaking.sol#L382 https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/MlumStaking.sol#L659
Tool used
Manual Review
Recommendation
Add the
_maxGlobalMultiplierincreatePosition().