6 matches found
Missing Validation which could cause Underflow Error
Lines of code Vulnerability details Impact Two instances of Missing Validation which could cause Underflow Error are spotted at L194 and L593 of the NFTBoostVault.sol contract. From L194 there is no check to validate that oldDelegateeVotes is greater than registration.latestVotingPower and from L593...
User cannot withdraw their ERC1155 tokens.
Lines of code Vulnerability details Impact In the NFTBoostVault.sol contract, users can only withdraw their ERC1155 if utilized when they are withdrawing all their tokens at once. This can lead to loss of funds for the users who decide to withdraw their locked tokens in bits. Proof of Concept Whe...
Users' registration amounts and contract balance state will be incremented incorrectly if the NFTBoostVault::_lockTokens() silently fails
Lines of code Vulnerability details Users can add and lock tokens to the NFTBoostVault contract to increase their voting power using addTokens function. This function will increment the contract's balance state and the user's registration.amount. Then, it will sync the voting power according to t...
NFTBoostVault is not a proper implementation/logic contract in upgradeability system
Lines of code Vulnerability details Impact As per the natspec comments in the NFTBoostVault contract, the NFTBoostVault contract "is Simple Proxy upgradeable which is the upgradeability system used for voting vaults in Council". This implies that this contract will be used as the...
IF FEE ON TRANSFER TOKEN CONFIGURED AS THE VOTING TOKEN FOR THE VAULT, IT COULD INTRODUCE ACCOUNTING ERROR FOR VOTE COUNT
Lines of code Vulnerability details Impact The NFTBoostVault.lockTokens function is used to transfer the ERC20 voting token of the vault and the ERC1155 NFT to the NFTBoostVault contract after accounting for their respective votes. The issue here is that a fee-on-transfer token could get selected...
[MEDIUM] NFTBoostVault#addNftAndDelegate - Not setting a delegatee in the addNftAndDelegate will cause the addTokens function and updateNft to revert
Lines of code Vulnerability details Impact The absence of a delegatee in the addNftAndDelegate function in the NFTBoostVault contract will cause the addTokens and updateNft functions to revert. This is due to the assumption that a delegatee has been set, which is not always true. This issue may...