5 matches found
Signature Verification for _verifyVoteSignature Function
Lines of code Vulnerability details Potential Risk: The verifyVoteSignature function in the CultureIndex contract is responsible for verifying signatures for specific votes. While it attempts to verify signatures, there are potential risks associated with signature verification. Proof of Concept...
Business Logic Vulnerability in dropTopVotedPiece Function
Lines of code Vulnerability details Potential Risk: The dropTopVotedPiece function in the CultureIndex contract allows the dropperAdmin to drop the top-voted piece. While the function checks if the caller is the dropperAdmin, there is a potential business logic vulnerability. The function only...
Exclusion of New Users Due to Token Max Supply
Lines of code Vulnerability details Summary New users are unable to participate in the protocol once the governance token's maximum supply is reached. Vulnerability Details To engage in the voting system, users need to acquire tokens directly from the protocol, a process managed by...
Signature Verification for voteForManyWithSig Function
Lines of code Vulnerability details Potential Risk: The voteForManyWithSig function in the CultureIndex contract allows users to vote on multiple pieceIds using a provided signature. While it attempts to verify the signature, there are some potential risks associated with signature verification...
voteForManyWithSig functions in CultureIndex are open to replay attacks if fails.
Lines of code Vulnerability details Impact If vote fails or reverts for any reason, the nonce in verifyVoteSignature doesn't increment. This leads to the same vote tx being replayed by anyone. Proof of Concept A user submits a vote via voteForManyWithSig, triggering verifyVoteSignature for...