334 matches found
Artist Royalty Split Proposal Functionality Missing
Lines of code Vulnerability details Impact The protocol's documentation specifies that royalty splits can be proposed by the artist and accepted by the admin. However, the MinterContract does not implement the functionality for artists to propose royalty splits. This inconsistency between the...
The 51% majority can hijack the party's precious tokens through an arbitrary call proposal if the AddPartyCardsAuthority contract is added as an authority in the party.
Lines of code Vulnerability details Pre-requisite knowledge & an overview of the features in question 1. The AddPartyCardsAuthority contract: The AddPartyCardsAuthority contract is a contract designed to be integrated into a Party and it has only one purpose, and it is to mint new party governanc...
Host(s) + majority can steal assets of minority+other hosts without any option for minority(+otherhosts) to ragequit.
Lines of code Vulnerability details Impact The ragequit functionality is put in place to protect the rights of the minority, who are not in support of a proposal, and allow them to withdraw their share of assets and exit the party. In some cases, minority will not have the opportunity to ragequit...
A single host can approve a proposal for all other hosts in the Party
Lines of code Vulnerability details Summary A single host can approve a proposal by transferring the host role to dummy accounts and voting again to increment the number of approvals. Impact When a proposal is created in a Party, the number of active hosts is snapshotted in the proposal state...
In parties with more than one host, a single host can bypass the execution delay of a proposal by transferring his host status to other addresses of his.
Lines of code Vulnerability details The Vulnerability After a proposal has gathered enough votes to pass, it waits through a period defined in the governance values named executionDelay. That executionDelay period is bypassed and the proposal can be executed immediately if ALL hosts of the party...
Attacker can take over and hijack any and every asset of a party initialized with the governance value distributionsRequireVote set to false, through the utilization of a flash loan.
Lines of code Vulnerability details Pre-requisite knowledge & an overview of the features in question 1. The distributionsRequireVote flag: The distributionsRequireVote flag is a governance value flag set to false by default in the governance values. It determines whether or not a party member ca...
A single host can vote on a proposal, then abdicate to another address and vote again to wrongly increase numHostsAccepted, and make a proposal ready for execution against the desire of the other hosts
Lines of code Vulnerability details Impact Protocol's intended functionality is: If all hosts accept a passed proposal, then veto period for that proposal will be skipped, and Proposal will immediately be "Ready" for execution. Note that the requirement is "ALL HOSTS accept a proposal", but a...
Vote power can be manipulated to propose and/or pass needed proposals
Lines of code Vulnerability details Impact The PartyGovernance contract is susceptible to vote manipulation, as an attacker could potentially acquire a substantial loan, even without collateral, within a single block before submitting a proposal. The voting process solely considers this particula...
A Controversial Plan to Scan Private Messages for Child Abuse Meets Fresh Scandal
An EU government body is pushing a proposal to combat child sexual abuse material that has significant privacy implications. Its lead advocate is making things even messier...
CVE-2023-41880
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
Design/Logic Flaw
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
CVE-2023-41880 Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
CVE-2023-41880
CVE-2023-41880 affects Wasmtime on x86_64 where a miscompilation of the WebAssembly i64x2.shr_s instruction occurs for constant shift amounts greater than 32. Versions 10.0.0 through 10.0.2, 11.0.2, and 12.0.1 contain the issue; patch versions 10.0.2, 11.0.2, and 12.0.2 fix it (11.0.2 and 12.0.2 ...
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Impact Wasmtime versions from 10.0.0 to 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so all other targets are not affected by this. The miscompilation results i...
Malicious user can prevent the creation of a proposal
Lines of code Vulnerability details Vulnerability Detail The LivepeerGovernor inherits OpenZeppelin's GovernorUpgradeable contract. The GovernorUpgradeable utilizes the hashProposal function to generate a unique hash when creating a new proposal. The hash depends solely on input parameters:...
[H-01] GovernorCountingOverridable.castVoteBySig()/castVoteWithReasonAndParamsBySig(): Possible signature replay attacks to influence proposal execution
Lines of code Vulnerability details Impact In the GovernorCountingOverridable.sol inherited by LivePeerGovernor.sol, users can provide a signature to allow someone else to vote on their behalf using the castVoteBySig/castVoteWithReasonAndParamsBySig function since this functions are not overriden...
Malicious actor can remove anyone's vote
Lines of code Vulnerability details Impact The GovernorCountingOverridable contract of the protocol is used to record the governance votes for different proposals and it allows the users to delegate their voting power to anyone. The handleVoteOverrides in the GovernorCountingOverridable contract...
SecurityCouncilMemberElectionGovernor propose() function is not properly restricted
Lines of code Vulnerability details summary The propose function in the SecurityCouncilMemberElectionGovernor contract is not properly restricted. This means that any user can call it, including attackers. Description The propose function in the SecurityCouncilMemberElectionGovernor contract is...
SecurityCouncilMemberElectionGovernor Owner Can Change votingPeriod During an Active Election
Lines of code Vulnerability details Impact In SecurityCouncilMemberElectionGovernor contract : relay function enables the contract owner from making calls to any contract address. And in SecurityCouncilMemberElectionGovernorCountingUpgradeable contract: setFullWeightDuration can be accessed only ...
Consider Disabling Inherited _cancel Function In The Governor Contracts
Lines of code Vulnerability details Impact The currently used openzeppelin upgradeable contracts dependency @openzeppelin/contracts-upgradeable is v4.7.3 The security council management contracts are inheriting the openzeppelin GovernorUpgradeable contracts to manage proposals. This version of...