search

sherlock-audit / 2024-06-magicsea-judging

2 stars 0 forks source link

Lone Opaque Mustang - Incorrect `getVotesPerPeriod()` implementation #702

Closed sherlock-admin2 closed 2 months ago

sherlock-admin2 commented 2 months ago

Lone Opaque Mustang

Low/Info

Incorrect getVotesPerPeriod() implementation

Summary

getVotesPerPeriod() is incorrectly implemented to be equivalent to getPoolVotesPerPeriod().

Vulnerability Detail

getVotesPerPeriod() should return the number of votes casted in a given period. However, it additionally takes in a pool parameter, making it equivalent to getPoolVotesPerPeriod(). There is an unused private mapping _poolVotesPerPeriod that seems to be intended to be used for this purpose.

Impact

Inconvenience to storage state access.

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/Voter.sol#L324-L326 https://github.com/sherlock-audit/2024-06-magicsea/blob/7fd1a65b76d50f1bf2555c699ef06cde2b646674/magicsea-staking/src/Voter.sol#L44-L45

Tool used

Manual Review

Recommendation

Incorporate vote tracking per period in _poolVotesPerPeriod for use in getVotesPerPeriod().