2 matches found
Increasing of totalVotingPower during crowdfund can lead to users losing funds.
Lines of code Vulnerability details Bug Description The recent code update allows authorities to be declared at the start of the crowdfunding phase. This change allows authority-restricted functions to be called during the crowdfunding phase by the authorities added in the party constructor...
increaseTotalVotingPower() can be front-ran by an attacker with a call to rageQuit() in order to withdraw more assets than the attacker should be able to claim.
Lines of code Vulnerability details Overview of the vulnerability / PoC The function increaseTotalVotingPower in PartyGovernanceNFT does not have a front-running protection against rageQuit allowing a user to walk away with more assets than he should. An example of the attack 1. A party member...