152 matches found
Users retain votes from their delegated tokens
Lines of code Vulnerability details Impact When a user has undelegated tokens and delegates them to another user, the owner retains all votes for their tokens, while the delegatee also gains those votes. By chaining this attack together, this could allow a user to generate unlimited votes, taking...
Rate my Post < 3.3.5 - Subscriber+ Votes Tampering via Race Condition
The plugin is affected by a race condition issues allowing subscriber users to tamper with votes to increment to decrement them...
Division before multiplication can lead to precision errors
Lines of code Vulnerability details Impact Since we are working with integer, if we divide before multiply, it can lead to precision errors. In this case, it can lead to error in quorum votes calculation in dynamicQuorumVotes function, allowing proposal be succeeded easier since quorumVote is...
While it is allowed to create only one proposal per person, you can still create more
Lines of code Vulnerability details Impact After the creation of one proposal user can send his tokens to another persondelegate votes, so another person will create new proposal using the first user's proposal threshold amount. In propose method there is a condition that one user can create only...
User can lose all governance power
Lines of code Vulnerability details Impact Contract is missing self delegation in case of delegateBySig function. This means if delegateBySig is called with zero address delegatee then User votes will be burned instead of setting delegatee to signatory Proof of Concept 1. User calls delegateBySig...
NounsDAOLogicV2's state() and proposals() will use initial dynamic params for all V1 proposals
Lines of code Vulnerability details state and proposals call quorumVotesid that utilize initial dynamic params for all V1 proposals by misusing 0 as a proposal creation block. I.e. new field is referenced while it is zero for all V1 proposals. This way all V1 proposals will use the same initial s...
Dynamic quorum votes parameters for a proposal (Proposal A) are changed according to another proposal (Proposal B) that proposes to update dynamic quorum votes parameters when Proposal B is executed after Proposal A is created in the same block
Lines of code Vulnerability details Impact The following writeQuorumParamsCheckpoint function is used to record dynamic quorum votes parameters at a block of interest. function writeQuorumParamsCheckpointDynamicQuorumParams memory params internal uint32 blockNumber = safe32block.number, 'block...
Functions quitLock and delegate fundamentally change game theory of VoteEscrow
Lines of code Vulnerability details Impact Without delegation it is not possible to remove voting power before the end of a lock. Function quitLock now makes this possible, but it does not just affect the user who quits the lock. Any votes that are delegated to them are temporarily lost from the...
Users can get unlimited votes
Lines of code Vulnerability details Impact Users can get unlimited votes which leads to them: 1. gaining control over governance 2. getting undeserved rewards 3. having their pools favored due to gauge values Proof of Concept mint calls moveTokenDelegates to set up delegation... File:...
Helpful < 4.5.15 - Votes Tampering
The plugin allowed users to vote more than once, which could allow attackers to increase votes drastically on some posts...
CVE-2022-27228
In the vote aka "Polls, Votes" module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code...
SQL injection in francoisjacquet/rosariosis
An SQL Injection vulnerability exits in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php...
CVE-2021-44567
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php...
RosarioSis SQL注入漏洞
RosarioSis is a free and open source student information system. It is used to manage students, create reports and make the right decisions. An SQL injection vulnerability exists in RosarioSIS versions prior to 7.6.1, which originates from the votes parameter in...
PT-2022-12164 · Unknown · Rosariosis
Name of the Vulnerable Software and Affected Versions: RosarioSIS versions prior to 7.6.1 Description: An unauthenticated SQL Injection issue exists via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. Recommendations: For versions prior to 7.6.1, update to version 7.6.1 or later...
getVotingPower Is Not Equipped To Handle On-Chain Voting
Handle leastwood Vulnerability details Impact As NOTE continues to be staked in the sNOTE contract, it is important that Notional's governance is able to correctly handle on-chain voting by calculating the relative power sNOTE has in terms of its equivalent NOTE amount. getVotingPower is a useful...
CVE-2021-43793
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse...
CVE-2021-43793
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse...
Design/Logic Flaw
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse...
PT-2021-23939 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse affected versions not specified Description: A vulnerability in the Polls feature of Discourse allowed users to vote multiple times in a single-option poll. The issue is related to the Polls feature, but specific details about...