setLumPerSecond() will apply the new lumPerSecond immediately from every pool's lastUpdateTimestamp to their next update time, which may increase / decrease unaccounted rewards thus far.
Vulnerability Detail
setLumPerSecond() updates _lumPerSecond, which is the reward rate distribution for all active pools. Should an active pool have lastUpdateTimestamp < block.timestamp, this new rate is applied from lastUpdateTimestamp to block.timestamp, unintentionally increasing / decreasing the accounted rewards thus far.
Impact
Unfair reward distribution rate applied to un-updated active pools.
There should be a @dev note to ensure updateAll() is called on all active pools prior to the setLumPerSecond() call, like how it's done with Voter.setTopPoolIdsWithWeights().
Lone Opaque Mustang
Low/Info
setLumPerSecond()will be applied retroactivelySummary
setLumPerSecond()will apply the newlumPerSecondimmediately from every pool'slastUpdateTimestampto their next update time, which may increase / decrease unaccounted rewards thus far.Vulnerability Detail
setLumPerSecond()updates_lumPerSecond, which is the reward rate distribution for all active pools. Should an active pool havelastUpdateTimestamp < block.timestamp, this new rate is applied fromlastUpdateTimestamptoblock.timestamp, unintentionally increasing / decreasing the accounted rewards thus far.Impact
Unfair reward distribution rate applied to un-updated active pools.
Code Snippet
https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/MasterchefV2.sol#L352-L360
Tool used
Manual Review
Recommendation
There should be a @dev note to ensure
updateAll()is called on all active pools prior to thesetLumPerSecond()call, like how it's done withVoter.setTopPoolIdsWithWeights().