Glorious Bronze Ladybug
Low/Info
Anyone could create briber
Summary
In the current implementation, anyone can create a BribeRewarder in the RewarderFactory. This unrestricted access can lead to potential problems.
Vulnerability Detail
The vulnerability arises from the fact that anyone can create a BribeRewarder. A malicious user could exploit this by creating multiple bribe rewarders for a pool using minimal amounts, such as 1 wei. This would dilute the rewards for voters, resulting in them receiving very small, negligible rewards. Also, in some situations a malicious user could front-run and create a bribe rewarder with the same start and end period, but with a much smaller reward.
https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/rewarders/RewarderFactory.sol#L96-L113
Impact
Voters will receive significantly reduced rewards due to the creation of multiple bribe rewarders with minimal amounts. This makes the voting process less attractive and potentially unfair.
Malicious users can exploit this vulnerability to disrupt the reward distribution system, reducing the effectiveness of the incentive mechanism.
Code Snippet
Tool used
Manual Review
Recommendation
Consider restricting creation of BribeRewarder to the owner only.
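One way to apply this recommendation, as an added sketch that is not the MagicSea source: a self-contained factory whose createBribeRewarder is gated by an owner check. BribeRewarderStub, RestrictedRewarderFactory, the errors and the events are hypothetical names, and the real factory's signature and deployment mechanism may differ.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: hypothetical, simplified contracts, not the project's code.
contract BribeRewarderStub {
    address public immutable token;
    address public immutable pool;

    constructor(address token_, address pool_) {
        token = token_;
        pool = pool_;
    }
}

contract RestrictedRewarderFactory {
    address public owner;

    error NotOwner(address caller);
    error ZeroAddress();
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
    event BribeRewarderCreated(address indexed token, address indexed pool, address rewarder);

    constructor(address initialOwner) {
        if (initialOwner == address(0)) revert ZeroAddress();
        owner = initialOwner;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        if (newOwner == address(0)) revert ZeroAddress();
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }

    // Without onlyOwner, any address could deploy rewarders for any pool.
    function createBribeRewarder(address token, address pool)
        external
        onlyOwner
        returns (address rewarder)
    {
        if (pool == address(0)) revert ZeroAddress();
        rewarder = address(new BribeRewarderStub(token, pool));
        emit BribeRewarderCreated(token, pool, rewarder);
    }
}
```

The BribeRewarderCreated event gives monitoring a single place to watch for new rewarders per pool, and a call from any non-owner address reverts with NotOwner before anything is deployed.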