Lucene search
+L

7 matches found

Code423n4
Code423n4
•added 2023/11/10 12:0 a.m.•17 views

Users of ReraiseCrowdfund will potentially not receive appropriate voting power

Lines of code Vulnerability details Bug Description The recent code update introduces the functionality for authorities to reduce the total voting power by invoking the decreaseTotalVotingPower function of the party. However, this functionality can lead to issues when used in the time frame after...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/13 12:0 a.m.•14 views

In ReraiseETHCrowdfund, contributors can bypass the maxContribution limit when disableContributingForExistingCard = false.

Lines of code Vulnerability details Impact ReraiseETHCrowdfund checks the maxContribution limit for each party card in claim and claimMultiple. But this limitation can be bypassed if contributors add the voting power to the existing party card. Proof of Concept When we check claim and...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/13 12:0 a.m.•11 views

Possible DOS attack using dust in ReraiseETHCrowdfund._contribute()

Lines of code Vulnerability details Impact Normal contributors wouldn't contribute to the crowdfund properly by a malicious frontrunner. Proof of Concept When users contribute to the ReraiseETHCrowdfund, it mints the crowdfund NFT in contribute. File:...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/13 12:0 a.m.•11 views

It's not always possible for a user to claim their voting power in ReraiseETHCrowdfund

Lines of code Vulnerability details Proof of Concept When a ReraiseETHCrowdfund has finalized, a user has 2 ways to claim their voting power - claim or claimMultiple. The condition in claim is that user's total contribution is no greater than the maxContribution. uint96 contribution = votingPower...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/13 12:0 a.m.•9 views

Contributors wouldn't claim their party cards from the finalized ReraiseETHCrowdfund by a malicious crowdfund creator.

Lines of code Vulnerability details Impact With the custom min/maxContributions settings, contributors wouldn't claim their part cards after the ReraiseETHCrowdfund was finalized. As a result, their funds will be locked inside the party forever because they can't claim from TokenDistributor witho...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/12 12:0 a.m.•13 views

ReraiseETHCrowdfund.sol: Multiple scenarios how pending votes might not be claimable which is a complete loss of funds for a user

Lines of code Vulnerability details Impact This issue is about how the ReraiseETHCrowdfund claim functionality can be broken. When the claim functionality is broken this means that a user cannot claim his voting power, resulting in a complete loss of funds. The claim functionality is not broken i...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/09 12:0 a.m.•15 views

InitialETHCrowdfund + ReraiseETHCrowdfund: Gatekeeper checks wrong address

Lines of code Vulnerability details Impact This vulnerability exists in both the InitialETHCrowdfund and ReraiseETHCrowdfund contracts in exactly the same way. I will continue this report by explaining the issue in only one contract. The mitigation section however contains the fix for both...

6.8AI score
Exploits0
Rows per page
Query Builder