Lines of code
<https://github.com/code-423n4/2023-12-revolutionprotocol/blob/main/packages/revolution/src/NontransferableERC20Votes.sol#L29>
<https://github.com/code-423n4/2023-12-revolutionprotocol/blob/main/packages/revolution/src/base/erc20/ERC20VotesUpgradeable.sol#L24>
As stated in the comment on line 12 of NontransferableERC20Votes.sol, delegation of vote power can be done through the delegate function or by providing a signature to be used with delegateBySig. However, these functions do not prevent users from delegating to address(0), leading users to permanently lose their voting power, intentionally or accidentally.
The following test demonstrates that delegation to address(0) is possible and does result in the loss of voting power. You can paste it into NontransferableERC20.t.sol. See also the issue reporting the same bug in the Nouns Builder repo: code-423n4/2022-09-nouns-builder-findings#203
```solidity
function testVotingAndDelegationToAddress0() public {
    address delegate = address(0);
    uint256 mintAmount = 1000 * 1e18;

    // Mint tokens to the owner
    vm.startPrank(address(erc20TokenEmitter));
    erc20Token.mint(address(this), mintAmount);
    vm.stopPrank();

    // Delegate voting power
    erc20Token.delegate(delegate);

    // @bug Voting power is lost.
    assertEq(erc20Token.getVotes(delegate), 0);

    // Ensure that no tokens were transferred in the process of delegation
    assertEq(erc20Token.balanceOf(delegate), 0, "Delegation should not transfer tokens");
}
```
Manual Review
Don't allow delegation to address(0): add a check like the following to both the delegate and delegateBySig functions:

```solidity
require(delegatee != address(0), "Votes: delegate to the zero address");
```
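One way to apply this check in both entry points, shown as an added example that is not the project's own code. It assumes OpenZeppelin Contracts v5 (`ERC20Votes`) rather than the project's forked base contract, and the contract name `GuardedVotesToken` is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5, not the project's forked ERC20VotesUpgradeable.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Votes} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol";
import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";

// Hypothetical token used only to illustrate the recommended guard.
contract GuardedVotesToken is ERC20, ERC20Votes {
    constructor() ERC20("Guarded Votes", "GV") EIP712("Guarded Votes", "1") {
        _mint(msg.sender, 1000 * 1e18);
    }

    // Direct delegation: reject the zero address before any vote bookkeeping runs.
    function delegate(address delegatee) public override {
        require(delegatee != address(0), "Votes: delegate to the zero address");
        super.delegate(delegatee);
    }

    // Signature-based delegation: same guard, applied before the signature
    // is recovered, so a signed message naming address(0) is rejected.
    function delegateBySig(
        address delegatee,
        uint256 nonce,
        uint256 expiry,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) public override {
        require(delegatee != address(0), "Votes: delegate to the zero address");
        super.delegateBySig(delegatee, nonce, expiry, v, r, s);
    }

    // Required by Solidity because both ERC20 and ERC20Votes define _update.
    function _update(address from, address to, uint256 value)
        internal
        override(ERC20, ERC20Votes)
    {
        super._update(from, to, value);
    }
}
```

With the guard in place, the `erc20Token.delegate(delegate)` call in the test above reverts with the message from the `require`.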
Context