22 matches found
MAL-2024-2032 Malicious code in crowdfund-contract (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in crowdfund-contract (npm)
--- -= Per source details. Do not edit below this line.=-...
In some cases the crowdfund cant be finalized because the minContribution amount check is after the amount is reduced
Lines of code Vulnerability details Because of a finding in the previous contest, the minContribution check is done after the amount is potentially reduced if refunding excess contribution. However this can be a problem if the maxTotalContributions - minTotalContributions is smaller than the...
funds stuck in crowdfund
Lines of code Vulnerability details Vulnerability details: Details: in ETHCrowdfundBase the crowdfund deployer can choose to implement fee's that are given to a feeAdress with a certain percentage of the crowdfund ETH. the fee splitting is happening both in finalize: function finalizeuint96...
All contributions can get locked in the Crowdfund contract, with no means to refund users or finalize.
Lines of code Vulnerability details Impact ETHCrowdfundBasefinalize assumes that all contributions are intact, but there is an emergencyExecute function that is capable of spending part of crowdfund eth. If as little as one wei gets spent, Users cannot get refunded, and the Crowdfund will not get...
MaxContribution check can be bypassed to give a card high voting power
Lines of code Vulnerability details Proof of Concept ReraiseETHCrowdfund tries limit the voting power of each card by doing a min/maxContribution check in claim and claimMultiple. uint96 contribution = votingPower 1e4 / exchangeRateBps; uint96 maxContribution = maxContribution; // Check that the...
InitialETHCrowdfund.batchContributeFor() doesn't refund for failed contributes
Lines of code Vulnerability details Impact InitialETHCrowdfund.batchContributeFor doesn't refund for failed contributes when args.revertOnFailure is false. The funds will be locked in the initial crowdfund contract, so it should be refunded. Proof of Concept InitialETHCrowdfund.batchContributeFor...
ETHCrowdfundBase._finalize() calculates the total voting power wrongly.
Lines of code Vulnerability details Impact After the crowdfund is finalized, the party wouldn't work properly because total voting power is greater than the sum of all voters' voting power. In the worst case, any proposal including the distribution one wouldn't be executed because it doesn't meet...
An attacker can contribute to the ETH crowdfund using a flash loan and control the party as he likes.
Lines of code Vulnerability details Impact An attacker can have more than half of the total voting power using a flash loan and abuse other contributors. Proof of Concept The main flaw is that the party can distribute funds right after the crowdfund is finalized within the same block. So the...
Possible DOS attack using dust in ReraiseETHCrowdfund._contribute()
Lines of code Vulnerability details Impact Normal contributors wouldn't contribute to the crowdfund properly by a malicious frontrunner. Proof of Concept When users contribute to the ReraiseETHCrowdfund, it mints the crowdfund NFT in contribute. File:...
Users wouldn't refund from the lost ETH crowdfunds due to the lack of ETH
Lines of code Vulnerability details Impact After the ETH crowdfunds are lost, contributors wouldn't refund their funds because the crowdfunds contract doesn't have enough ETH balance. Proof of Concept The core flaw is calculateRefundAmount might return more refund amount than the original...
ReraiseETHCrowdfund.sol: party card transfer can be front-run by claiming pending voting power which results in a loss of the voting power
Lines of code Vulnerability details Impact In this report I show how an attacker can abuse the fact that anyone can call ReraiseETHCrowdfund.claim for any user and add voting power to an existing party card. The result can be a griefing attack whereby the victim loses voting power. In some cases...
ETHCrowdfundBase.sol: all funds are lost when fee recipient cannot receive ETH
Lines of code Vulnerability details Impact In the ETHCrowdfundBase contract a fundingSplitRecipient address is configured which receives a percentage of the funds in case the crowdfund is won. Neither the fundingSplitRecipient address nor the fundingSplitBps percentage can be changed. The issue i...
Early contributor can always become majority of crowdfund leading to rugging risks.
Lines of code Vulnerability details Description Voting power is distributed to crowdfund contributors according to the amount contributed divided by NFT purchase price. Attacker can call the buy function of BuyCrowdfund / CollectionBuyCrowdfund, and use only the first X amount of contribution fro...
A malicious user could stuck crowdfund ETH
Lines of code Vulnerability details Impact A user could freeze funds accumulated in a crowdfund and execute a "fake sale" that would be the approval of the token. Proof of Concept A group of users create a crowdfund, they raise money to buy the most good looking Bored Ape. An attacker would buy i...
Previously nominated delegate can reset the delegation
Lines of code Vulnerability details burn allows for previously recorded delegate to set himself to be contributor's delegate even if another one was already chosen. This can be quite material as owner choice for the whole voting power is being reset this way to favor the old delegate. Proof of...
Rounding errors can lead to wrong voting power
Lines of code Vulnerability details Impact The calculation of voting power in Crowdfund.getFinalContribution can lead to loss of voting power due to rounding errors. Tools Used Manual audit --- The text was updated successfully, but these errors were encountered: All reactions...
Attacker can DOS private party by donating ETH then calling buy
Lines of code Vulnerability details Impact Party is DOS'd and may potentially lose access to NFT Proof of Concept Crowdfund.solL280-L298 party = party = partyFactory .createParty addressthis, Party.PartyOptions name: name, symbol: symbol, governance: PartyGovernance.GovernanceOpts hosts:...
Hash result truncation
Lines of code Vulnerability details Description There is function hashFixedGovernanceOpts in Crowdfund contract and function getDistributionHash in TokenDistributor contract. The first one truncates the hash result to 16 bytes, the second to 15 bytes. Impact It is possible to find a collision for...
# Only part of keccak256() is used as hash, making it susceptible to collision attacks
Lines of code Vulnerability details At 2 places in the code only part of the output of keccak256 is used as the hash: At TokenDistributor - DistributionState.distributionHash15 - uses only a 15 bytes as a hash This one is intended to save storage At Crowdfund.governanceOptsHash a 16 bytes is used...