Lucene search
+L

8 matches found

Code423n4
Code423n4
•added 2023/11/10 12:0 a.m.•8 views

PartyGovernance contract cannot accept Eth

Lines of code Vulnerability details Impact The PartyGovernance contract does not have payable in it fallback back function which is the main context of allowing a contract to accept Ether or else it will revert or lost forever if receive. Proof of Concept Lack of payable fallback function is...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/11/10 12:0 a.m.•18 views

User loss his delegated voting power after delegation to another user.

Lines of code Vulnerability details Vulnerability Details When a user delegate voting power to another user, his previous voting power from delegation has been ignored at getVotingPowerAt since in case isDelegated is true getVotingPowerAt returns 0. Impact Delegated voting power cannot be utilize...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/11/10 12:0 a.m.•11 views

Stale preciousListHash state variable permanently prevents a party from executing non-unanimous arbitrary call proposals and poses a high security risk.

Lines of code Vulnerability details Overview of the execute function in PartyGovernance Before diving into the details of the vulnerability, I need to explain how the execute function works in the PartyGovernance.sol contract. The execute is the function responsible for executing a proposal after...

7.5AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/13 12:0 a.m.•9 views

Voters can call VetoProposal.voteToVeto() as many times as they like.

Lines of code Vulnerability details Impact Each voter can veto a proposal if they want by calling voteToVeto several times to pass the passThresholdBps. Proof of Concept Every voter shouldn't vote several times, otherwise, the voting system will be broken. But voteToVeto doesn't check the already...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/07 12:0 a.m.•13 views

VetoProposal: proposals cannot be vetoed in all states in which it should be possible to veto proposals

Lines of code Vulnerability details Impact The VetoProposal contract allows to veto proposals with the voteToVeto function. The proposal can only be vetoed when it is in the Voting state, otherwise the voteToVeto function reverts. The issue is that the Voting state is not the only state in which ...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/09/19 12:0 a.m.•9 views

Front-running of accept call

Lines of code Vulnerability details Description There is accept and veto functions in the PartyGovernance contract. The functions accepts the proposalId accept function also accepts snapIndex, which does not contain any information about the proposal itself. As a result, transactions of users can...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/09/19 12:0 a.m.•6 views

A majority attack can easily bypass Zora auction stage in OpenseaProposal and steal the NFT from the party.

Lines of code Vulnerability details Description The PartyGovernance system has many defenses in place to protect against a majority holder stealing the NFT. One of the main protections is that before listing the NFT on Opensea for a proposal-supplied price, it must first try to be auctioned off o...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2022/09/19 12:0 a.m.•8 views

No control for the future Airdrop

Lines of code Vulnerability details Impact You can't control the airdrop NFT on this contract PartyGovernance.sol. You can only control the preciousListHash Proof of Concept The execute is check that the precious list preciousTokenIds and preciousTokens is valid or not if...

6.8AI score
Exploits0
Rows per page
Query Builder