Code4rena (code423n4): CODE423N4:2022-09-PARTY-FINDINGS-ISSUES-289
Sep 19, 2022 - 12:00 a.m.

Multiple users can contribute with one token

tokengatekeeper bypass
multiple contributions
nft tracking

Lines of code
<https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/gatekeepers/TokenGateKeeper.sol#L31-L38>

Vulnerability details

Impact

Users who don't have a token for contribution can easily bypass this check.

Proof of Concept

If the Crowdfund is made private by using TokenGateKeeper.sol, a contributor can contribute and then send the NFT or ERC20 to another user's address. Two or more users can therefore each send a contribution with the same token, bypassing isAllowed().

Recommended Mitigation Steps

If the gate uses an NFT, you can track the token IDs.
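
The bypass and the ID-tracking mitigation described above, as an added Python model that is not part of the original report or PartyDAO's code. The `NFT`, `BalanceGate` and `IdTrackingGate` classes and the alice/bob/carol addresses are constructed for illustration, and binding each token ID to its first contributor is an assumed policy.

```python
# Constructed model; all names are hypothetical, not PartyDAO's contract code.
class NFT:
    """Minimal ERC-721-style ledger: token id -> owner."""
    def __init__(self):
        self.owner_of = {}

    def mint(self, to, token_id):
        self.owner_of[token_id] = to

    def transfer(self, sender, to, token_id):
        if self.owner_of.get(token_id) != sender:
            raise PermissionError("sender does not own token")
        self.owner_of[token_id] = to

    def balance_of(self, who):
        return sum(1 for o in self.owner_of.values() if o == who)


class BalanceGate:
    """Gate as the finding describes it: only asks whether the caller holds a token now."""
    def __init__(self, nft):
        self.nft = nft

    def is_allowed(self, who, token_id=None):
        return self.nft.balance_of(who) >= 1


class IdTrackingGate:
    """Mitigation sketch: each token id is bound to the first address that uses it."""
    def __init__(self, nft):
        self.nft = nft
        self.used_by = {}  # token id -> first contributor (state the gate must persist)

    def is_allowed(self, who, token_id):
        if self.nft.owner_of.get(token_id) != who:
            return False  # caller must own the id they present
        # setdefault records the first contributor, then returns the bound address
        return self.used_by.setdefault(token_id, who) == who


def contributors_admitted(gate_cls):
    """Token 1 is passed alice -> bob -> carol; each tries to contribute while holding it."""
    nft = NFT()
    nft.mint("alice", 1)
    gate = gate_cls(nft)
    admitted = []
    for user, next_holder in (("alice", "bob"), ("bob", "carol"), ("carol", None)):
        if gate.is_allowed(user, 1):
            admitted.append(user)
        if next_holder:
            nft.transfer(user, next_holder, 1)
    return admitted
```

ID tracking only applies to NFT gates; ERC20 balances have no per-unit identifier to record.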

