15 matches found
Host(s) + majority can steal assets of minority+other hosts without any option for minority(+otherhosts) to ragequit.
Lines of code Vulnerability details Impact The ragequit functionality is put in place to protect the rights of the minority, who are not in support of a proposal, and allow them to withdraw their share of assets and exit the party. In some cases, minority will not have the opportunity to ragequit...
No token whitelist leaves rageQuit() vulnerable to malicious ERC20 token contracts
Lines of code Vulnerability details A malicious actor can exploit the PartyGovernanceNFT.sol::rageQuit function by specifying a malicious IERC20 contract in the withdrawTokens array. The malicious contract could "donate" tokens to the proxy contract to pass the balance check here and when the...
members can get less funds out than they should have in a rageQuit
Lines of code Vulnerability details Vulnerability details: Details: the function getVotingPowerShareOf in PartyGovernanceNft get's the voting power share of a tokenId and it does that by dividing the voting power that nft has by the totalVotingPower: function getVotingPowerShareOfuint256 tokenId...
increaseTotalVotingPower() can be front-ran by an attacker with a call to rageQuit() in order to withdraw more assets than the attacker should be able to claim.
Lines of code Vulnerability details Overview of the vulnerability / PoC The function increaseTotalVotingPower in PartyGovernanceNFT does not have a front-running protection against rageQuit allowing a user to walk away with more assets than he should. An example of the attack 1. A party member...
Upgraded Q -> 2 from #23 [1686021624118]
Judge has assessed an item in Issue 23 as 2 risk. The relevant finding follows: rageQuit cannot transfer ERC1155 fungible tokens --- The text was updated successfully, but these errors were encountered: All reactions...
Upgraded Q -> 2 from #9 [1685982867794]
Judge has assessed an item in Issue 9 as 2 risk. The relevant finding follows: Users might lose funds after calling rageQuit by malicious frontrunners. --- The text was updated successfully, but these errors were encountered: All reactions...
Upgraded Q -> 2 from #17 [1685982856814]
Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: Ragequit can be frontrun by distribute call to cause losses to user who is ragequitting --- The text was updated successfully, but these errors were encountered: All reactions...
Upgraded Q -> 2 from #11 [1685528549173]
Judge has assessed an item in Issue 11 as 2 risk. The relevant finding follows: L-02 A reentrancy attack is possible in rageQuit by hosts --- The text was updated successfully, but these errors were encountered: All reactions...
Upgraded Q -> 2 from #26 [1685524804490]
Judge has assessed an item in Issue 26 as 2 risk. The relevant finding follows: L-02 Host can reduce rageQuit window --- The text was updated successfully, but these errors were encountered: All reactions...
Upgraded Q -> 2 from #26 [1685524775382]
Judge has assessed an item in Issue 26 as 2 risk. The relevant finding follows: L-01 Host can reenter rageQuit --- The text was updated successfully, but these errors were encountered: All reactions...
The distribution logic will be broken after calling rageQuit()
Lines of code Vulnerability details Impact Malicious users might receive more distributed funds than they should with higher distributionShare. Proof of Concept In PartyGovernanceNFT.sol, there is a getDistributionShareOf function to calculate the distribution share of party NFT. function...
Tokens with multiple entry points can lead to loss of funds in rageQuit()
Lines of code Vulnerability details Tokens with multiple entry points can lead to loss of funds in rageQuit ERC20 tokens with multiple entry points also known as double entry tokens or two address tokens can be used to exploit the rageQuit function and steal funds from the party. Impact The...
Users can withdraw more funds if the party has tokens with multiple addresses.
Lines of code Vulnerability details Impact Users can withdraw more funds if the party has tokens with multiple addresses. Proof of Concept Users can burn their party NFTs and take the share of the party's funds. function rageQuit uint256 calldata tokenIds, IERC20 calldata withdrawTokens, address...
Reentrancy guard in rageQuit() can be bypassed
Lines of code Vulnerability details Reentrancy guard in rageQuit can be bypassed The reentrancy guard present in the rageQuit function can be bypassed by host accounts, leading to reentrancy attack vectors and loss of funds. Impact The new rageQuit function can be used by party members to exit...
Host can instantly set rageQuitTimestamp and prevent members from rage quitting
Lines of code Vulnerability details Impact A malicious Host can front-run rage-quitting members and setRageQuitTimestamp to a time in the past and disable rageQuit. Proof of Concept Ragequit serves as a protective measure for members of a Party to do an emergency withdrawal of their assets in cas...