8 matches found
Users can lose eth when contributing.
Lines of code Vulnerability details Impact When contributing in InitialETHCrowdfund, if minting adjusts the voting power for that user to cap it at totalVotingPower, the user does not get refunded the eth he lost. Proof of Concept PartyGovernanceNFTmint caps the mintedVotingPower at...
totalVotingPower is not being decreased in burn function in PartyGovernanceNFT.
Lines of code Vulnerability details Impact In PartyGovernanceNFT.burn function, burnAndUpdateVotingPower is being used which will reduce the votingPower from the burned nft and the mintedVotingPower. The totalVotingPower should be explicitly decreased in burn function which was missing here...
Fund Drainage Due to Reentrancy Vulnerability in Crowdfunding
Lines of code Vulnerability details Impact in the refund function, there is a problem, this function is reads the isAuthority state variable from the PartyGovernanceNFT contract after making an external call to the burn function of the same contract. The burn function in the PartyGovernanceNFT...
members can get less funds out than they should have in a rageQuit
Lines of code Vulnerability details Vulnerability details: Details: the function getVotingPowerShareOf in PartyGovernanceNft get's the voting power share of a tokenId and it does that by dividing the voting power that nft has by the totalVotingPower: function getVotingPowerShareOfuint256 tokenId...
Potential DDOS
Lines of code Vulnerability details Impact With three loops, and an On+ 0n2 complexity this could cause DOS with users not being able to call this functions Proof of Concept Tools Used Recommended Mitigation Steps Assessed type DoS --- The text was updated successfully, but these errors were...
Rage quit modifications should be limited to provide stronger guarantees to party members
Lines of code Vulnerability details Rage quit modifications should be limited to provide stronger guarantees to party members Party hosts can arbitrarily change the rage quit settings overriding any existing preset. Impact Rage quit is implemented in the PartyGovernanceNFT contract by using a...
Fairness should be denominated in mintedVotingPower rather than totalVotingPower
Lines of code Vulnerability details Impact Rage quitter receives too little. Proof of Concept The rage quitter receives a share votingPowerByTokenIdtokenId 1e18 / totalVotingPower of each token balance. However the sum of votingPowerByTokenIdtokenId over all tokenId, i.e. mintedVotingPower, may b...
Invalid Use of BODMAS in TokenDistributor.sol and PartyGovernanceNFT.sol
Lines of code Vulnerability details Invalid Use of BODMAS in TokenDistributor.sol and PartyGovernanceNFT.sol In contract TokenDistributor.sol we initializing the value of uint128 fee using a mathematical way but in a wrong manner their brackets are missing which will clear out the instance of usi...