7 matches found
Users of ReraiseCrowdfund will potentially not receive appropriate voting power
Lines of code Vulnerability details Bug Description The recent code update introduces the functionality for authorities to reduce the total voting power by invoking the decreaseTotalVotingPower function of the party. However, this functionality can lead to issues when used in the time frame after...
In ReraiseETHCrowdfund, contributors can bypass the maxContribution limit when disableContributingForExistingCard = false.
Lines of code Vulnerability details Impact ReraiseETHCrowdfund checks the maxContribution limit for each party card in claim and claimMultiple. But this limitation can be bypassed if contributors add the voting power to the existing party card. Proof of Concept When we check claim and...
Possible DOS attack using dust in ReraiseETHCrowdfund._contribute()
Lines of code Vulnerability details Impact Normal contributors wouldn't contribute to the crowdfund properly by a malicious frontrunner. Proof of Concept When users contribute to the ReraiseETHCrowdfund, it mints the crowdfund NFT in contribute. File:...
It's not always possible for a user to claim their voting power in ReraiseETHCrowdfund
Lines of code Vulnerability details Proof of Concept When a ReraiseETHCrowdfund has finalized, a user has 2 ways to claim their voting power - claim or claimMultiple. The condition in claim is that user's total contribution is no greater than the maxContribution. uint96 contribution = votingPower...
Contributors wouldn't claim their party cards from the finalized ReraiseETHCrowdfund by a malicious crowdfund creator.
Lines of code Vulnerability details Impact With the custom min/maxContributions settings, contributors wouldn't claim their part cards after the ReraiseETHCrowdfund was finalized. As a result, their funds will be locked inside the party forever because they can't claim from TokenDistributor witho...
ReraiseETHCrowdfund.sol: Multiple scenarios how pending votes might not be claimable which is a complete loss of funds for a user
Lines of code Vulnerability details Impact This issue is about how the ReraiseETHCrowdfund claim functionality can be broken. When the claim functionality is broken this means that a user cannot claim his voting power, resulting in a complete loss of funds. The claim functionality is not broken i...
InitialETHCrowdfund + ReraiseETHCrowdfund: Gatekeeper checks wrong address
Lines of code Vulnerability details Impact This vulnerability exists in both the InitialETHCrowdfund and ReraiseETHCrowdfund contracts in exactly the same way. I will continue this report by explaining the issue in only one contract. The mitigation section however contains the fix for both...