Vulnerability Pattern: Coding Mistake
Severity: Low
Ecosystem: Sui
Protocol: Magma Finance
Auditor: Zellic
Report: https://github.com/Zellic/publications/blob/master/Magma Finance - Zellic Audit Report.pdf
Report Date: Jan 2025
Description: The Voter and VotingEscrow objects are not properly shared after their creation. This prevents users from accessing these objects when attempting to create a lock and deposit to a gauge, as these operations require access to both the Voter and VotingEscrow objects.
The issue stems from commented-out code in the create function in voting_escrow.move:
Impact:
Users are prevented from participating in the voting system since they cannot access the required Voter and VotingEscrow objects for creating locks and depositing to gauges.
Recommendation: Uncomment out crucial code in the create function.
Coding/Auditing Tip: Watch out for commented out code that may be crucial to operations!