Contributions can be smaller than minContribution and may receive no voting power
Lines of code Vulnerability details Impact Valid contribution is awarded no voting power Proof of Concept ETHCrowdfundBase.solL195-L219 uint96 minContribution = minContribution; if amount maxContribution revert AboveMaximumContributionsErroramount, maxContribution; uint96 newTotalContributions =...
MaxContribution check can be bypassed to give a card high voting power
Lines of code Vulnerability details Proof of Concept ReraiseETHCrowdfund tries to limit the voting power of each card by doing a min/maxContribution check in claim and claimMultiple. uint96 contribution = votingPower 1e4 / exchangeRateBps; uint96 maxContribution = maxContribution; // Check that the...
ReraiseETHCrowdfund#claimMultiple can be used to grief large depositors
Lines of code Vulnerability details Impact User can be griefed by being force minted a large number of NFTs with low voting power instead of one with high voting power Proof of Concept ReraiseETHCrowdfund.solL354-L377 for uint256 i; i maxContribution revert...
refund() for ETHCrowdfund may fail for the final user due to rounding discrepancies
Lines of code Vulnerability details Proof of Concept This is how fee is deducted from a user's contribution when the user contributes. Observe that amount at the end is slightly greater than it's supposed to be due to the rounding in the feeAmount calculation. if fundingSplitRecipient != address0 ...
VetoProposal#voteToVeto can be called repeatedly by same voter and be used to lock party
Lines of code Vulnerability details Impact Party can be locked due to not being able to pass any proposals Proof of Concept VetoProposal.solL37-L59 uint96 votingPower = party.getVotingPowerAt msg.sender, proposalValues.proposedTime - 1, snapIndex ; uint96 newVotes = votes + votingPower; // Check ...
An attacker can contribute to the ETH crowdfund using a flash loan and control the party as he likes.
Lines of code Vulnerability details Impact An attacker can have more than half of the total voting power using a flash loan and abuse other contributors. Proof of Concept The main flaw is that the party can distribute funds right after the crowdfund is finalized within the same block. So the...
ETHCrowdfundBase._finalize() calculates the total voting power wrongly.
Lines of code Vulnerability details Impact After the crowdfund is finalized, the party wouldn't work properly because total voting power is greater than the sum of all voters' voting power. In the worst case, any proposal including the distribution one wouldn't be executed because it doesn't meet...
Self-delegated users can have their delegation unknowingly hijacked during crowdfunding
Lines of code Vulnerability details Impact Self-delegation can be hijacked Proof of Concept PartyGovernance.solL886-L906 function adjustVotingPoweraddress voter, int192 votingPower, address delegate internal VotingPowerSnapshot memory oldSnap = getLastVotingPowerSnapshotForVotervoter; address...
OperatorProposal._executeOperation() should refund excess ETH
Lines of code Vulnerability details Impact There are excess ETH in OperatorProposal.executeOperation, and it should be refunded. Proof of Concept OperatorProposal.executeOperation runs data.operator.execute with data.operatorValue of ETH. data.operator.execute value: data.operatorValue...
Resizing tokenIds is wrong in CollectionBatchBuyOperator.execute()
Lines of code Vulnerability details Impact The implementation of resizing an array is wrong in assembly, so the length of the array tokenIds will be wrong. Proof of Concept In CollectionBatchBuyOperator.execute, tokenIds should be resized to tokensBought, and the implementation is as follows:...
Tokens with Fee on Transfer can break the PrivatePool invariant
Lines of code Vulnerability details Impact Some tokens take a transfer fee e.g. STA, PAXG, some do not currently charge a fee but may do so in the future e.g. USDT, USDC. Fees lead to the fact that the pool actually receives less funds than expected in the contract, and the reserve configuration ...
CHANGEFEE IS NOT CORRECTLY SCALED IN FLASHLOAN()
Lines of code Vulnerability details Impact changeFee that has been scaled with 4 decimals of basis points is being adopted by flashloan. This could make the function behave in an unexpected manner than intended. Proof of Concept The fee is calculated as: PrivatePool.solL632 uint256 fee =...
In ReraiseETHCrowdfund, contributors can bypass the maxContribution limit when disableContributingForExistingCard = false.
Lines of code Vulnerability details Impact ReraiseETHCrowdfund checks the maxContribution limit for each party card in claim and claimMultiple. But this limitation can be bypassed if contributors add the voting power to the existing party card. Proof of Concept When we check claim and...
Contributors wouldn't claim their party cards from the finalized ReraiseETHCrowdfund by a malicious crowdfund creator.
Lines of code Vulnerability details Impact With the custom min/maxContributions settings, contributors wouldn't claim their party cards after the ReraiseETHCrowdfund was finalized. As a result, their funds will be locked inside the party forever because they can't claim from TokenDistributor witho...
Routing griefing via ERC-777 operator
Lines of code Vulnerability details Impact Currently, there is no router implemented for private pools in which NFTs are traded against ERC-20 tokens or it is not available in the repository. However, in the future, it is possible that some algorithm on the frontend will look for the optimal path...
Oracle could possibly flag stolen NFT after the NFT already was sold to the pool which leads to non-trivial impact
Lines of code Vulnerability details Impact Stolen NFT oracle is used to check if an NFT is stolen. It depends on ReservoirOracle. Check However, a stolen NFT could still be sold to the pool if it was flagged too late for whatever reason. The issue is that the pool allows buying stolen NFTs. This ...
Constant product formula is not maintained in deposit() and withdraw() functions.
Lines of code Vulnerability details Impact As constant product formula is not followed, during deposit/withdraw, actualReserves - both actual NFT and BaseToken are updated but virtualReserves are not updated. This could lead to incorrect price deviation for the trader, most reverting their...
It's not always possible for a user to claim their voting power in ReraiseETHCrowdfund
Lines of code Vulnerability details Proof of Concept When a ReraiseETHCrowdfund has finalized, a user has 2 ways to claim their voting power - claim or claimMultiple. The condition in claim is that user's total contribution is no greater than the maxContribution. uint96 contribution = votingPower...
A hacker can front-run the owner of a PrivatePool to drain the pool
Lines of code Vulnerability details Impact A hacker can sandwich calls to setVirtualReserves or setMerkleRoot in a private pool and make an instant profit at the expense of the owner. For example, the hacker sees that there is a setVirtualReserves transaction in the mempool that will make the NF...
Voters can call VetoProposal.voteToVeto() as many times as they like.
Lines of code Vulnerability details Impact Each voter can veto a proposal if they want by calling voteToVeto several times to pass the passThresholdBps. Proof of Concept Every voter shouldn't vote several times, otherwise, the voting system will be broken. But voteToVeto doesn't check the already...
EthRouter large positive slippage stealing via PrivatePool reconfiguration
Lines of code Vulnerability details Impact In a high volatility pool with super valuable NFTs, there may be a large positive slippage that cannot be stolen by regular actors due to the high price step for each individual NFT, but it can be easily stolen by a pool owner's MEV bot that front-runs t...
PrivatePool.change does not work with token with less than 4 decimals
Lines of code Vulnerability details PrivatePool.change does a call to changeFeeQuote to calculate the fee amount. It computes an exponent as ERC20baseToken.decimals - 4 File: src/PrivatePool.sol 731: function changeFeeQuoteuint256 inputAmount public view returns uint256 feeAmount, uint256...
Possible DOS attack using dust in ReraiseETHCrowdfund._contribute()
Lines of code Vulnerability details Impact Normal contributors wouldn't contribute to the crowdfund properly by a malicious frontrunner. Proof of Concept When users contribute to the ReraiseETHCrowdfund, it mints the crowdfund NFT in contribute. File:...
Incorrect calculation of virtualBaseTokenReserves leads to incorrect pricing of NFTs
Lines of code Vulnerability details virtualBaseTokenReserves is recalculated every time a buy or sell operation is performed. The calculation is done incorrectly, so the next time a sale is made the price will be updated incorrectly. Impact buy and sell operations will be performed with incorrect...
Dangerous use of setVirtualReserves(), withdraw(), and execute() leads to incorrect configuration of PrivatePool
Lines of code Vulnerability details Impact The function setVirtualReserves allows arbitrary changes to the values of virtualBaseTokenReserves and virtualNftReserves, which determine the price of the NFT trade in the pool. However, the real balance of tokens or ether in the pool is not checked, so...
Users wouldn't refund from the lost ETH crowdfunds due to the lack of ETH
Lines of code Vulnerability details Impact After the ETH crowdfunds are lost, contributors wouldn't refund their funds because the crowdfunds contract doesn't have enough ETH balance. Proof of Concept The core flaw is calculateRefundAmount might return more refund amount than the original...
No router for PrivatePools with ERC20 base token
Lines of code Vulnerability details Impact There is no implementation of a router for PrivatePools with an ERC20 base token in the repository. PrivatePool is implemented without protection against slippage, which is assumed to be the responsibility of the router. Such a router exists for pools wi...
VetoProposal.voteToVeto() checks the proposal status wrongly.
Lines of code Vulnerability details Impact VetoProposal.voteToVeto wouldn't work as expected because voters can vote during the Voting status only. Proof of Concept When we check veto, it works during 3 statuses, Voting, Passed, Ready which is mentioned in the comment as well. ProposalStatus stat...
No check for minPrice and maxPrice in the deposit() function
Lines of code Vulnerability details Impact No check for minPrice and maxPrice in the deposit function could lead to unexpected consequences Proof of Concept In the function deposit function deposit address payable privatePool, address nft, uint256 calldata tokenIds, uint256 minPrice, uint256...
Upgraded Q -> 2 from #17 [1681332048307]
Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: L-07 First user that stakes again after a period without stakers receives too many rewards The MuteAmplifier contract pays out rewards on a per second basis. Let's assume there is only 1 staker which is Bob. Say Bob...
ReraiseETHCrowdfund.sol: Multiple scenarios how pending votes might not be claimable which is a complete loss of funds for a user
Lines of code Vulnerability details Impact This issue is about how the ReraiseETHCrowdfund claim functionality can be broken. When the claim functionality is broken this means that a user cannot claim his voting power, resulting in a complete loss of funds. The claim functionality is not broken i...
Upgraded Q -> 2 from #245 [1681331462696]
Judge has assessed an item in Issue 245 as 2 risk. The relevant finding follows: 3. Insecure random number generation: Link : The current implementation of the drawing function uses a simple modulo operation with the seed as an argument, which can be easily predicted by attackers. I recommend usi...
Upgraded Q -> 2 from #219 [1681246395864]
Judge has assessed an item in Issue 219 as 2 risk. The relevant finding follows: Emojis split in different lines
ETHCrowdfundBase.sol: totalVotingPower is increased too much in the _finalize function
Lines of code Vulnerability details Impact This issue is about how the ETHCrowdfundBase.finalize functions calls PartyGovernanceNFT.increaseTotalVotingPower with an amount that does not reflect the sum of the individual users' voting power. Thereby it will become impossible to reach unanimous...
ReraiseETHCrowdfund.sol: party card transfer can be front-run by claiming pending voting power which results in a loss of the voting power
Lines of code Vulnerability details Impact In this report I show how an attacker can abuse the fact that anyone can call ReraiseETHCrowdfund.claim for any user and add voting power to an existing party card. The result can be a griefing attack whereby the victim loses voting power. In some cases...
Upgraded Q -> 2 from #163 [1681245765448]
Judge has assessed an item in Issue 163 as 2 risk. The relevant finding follows: Attacker can use malicious BioText
PartyGovernanceNFT.sol: burn function does not reduce totalVotingPower making it impossible to reach unanimous votes
Lines of code Vulnerability details Impact With the new version of the Party protocol the PartyGovernanceNFT.burn function has been introduced. This function is used to burn party cards. According to the sponsor the initial purpose of this function was to enable the InitialETHCrowdfund contract t...
ETHCrowdfundBase.sol: all funds are lost when fee recipient cannot receive ETH
Lines of code Vulnerability details Impact In the ETHCrowdfundBase contract a fundingSplitRecipient address is configured which receives a percentage of the funds in case the crowdfund is won. Neither the fundingSplitRecipient address nor the fundingSplitBps percentage can be changed. The issue i...
totalVotingPower needs to be snapshotted for each proposal because it can change and thereby affect consensus when accepting / vetoing proposals
Lines of code Vulnerability details Impact This issue does not manifest itself in a limited segment of the code. Instead it spans multiple contracts and derives its impact from the interaction of these contracts. In the PoC section I will do my best in explaining how this results in an issue. I...
InitialETHCrowdfund + ReraiseETHCrowdfund: Gatekeeper checks wrong address
Lines of code Vulnerability details Impact This vulnerability exists in both the InitialETHCrowdfund and ReraiseETHCrowdfund contracts in exactly the same way. I will continue this report by explaining the issue in only one contract. The mitigation section however contains the fix for both...
InitialETHCrowdfund + ReraiseETHCrowdfund: batchContributeFor function may not refund ETH which leads to loss of funds
Lines of code Vulnerability details Impact This vulnerability exists in both the InitialETHCrowdfund and ReraiseETHCrowdfund contracts in exactly the same way. I will continue this report by explaining the issue in only one contract. The mitigation section however contains the fix for both...
CollectionBatchBuyOperator.sol: tokenIds array is not shortened properly which makes execute function revert when not all NFTs are purchased successfully
Lines of code Vulnerability details Impact The CollectionBatchBuyOperator contract allows parties to buy NFTs through proposals. The proposal specifies an nftContract and token IDs via the nftTokenIdsMerkleRoot parameter that can be bought. Allowed executors can then execute the actual purchase b...
OperatorProposal.sol: Leftover ETH is not refunded to the msg.sender
Lines of code Vulnerability details Impact The OperatorProposal contract is a type of proposal that allows to execute operations on contracts that implement the IOperator interface. Upon execution of the proposal it might be necessary that the executor provides ETH. This is true especially when...
VetoProposal: proposals cannot be vetoed in all states in which it should be possible to veto proposals
Lines of code Vulnerability details Impact The VetoProposal contract allows to veto proposals with the voteToVeto function. The proposal can only be vetoed when it is in the Voting state, otherwise the voteToVeto function reverts. The issue is that the Voting state is not the only state in which ...
VetoProposal: user can veto multiple times so every proposal can be vetoed by any user that has a small amount of votes
Lines of code Vulnerability details Impact The VetoProposal contract allows to veto proposals with the voteToVeto function. When the amount of votes collected to veto a proposal exceeds a certain threshold the passThresholdBps, which is determined upon initialization of the party, the proposal is...
Upgraded Q -> 2 from #13 [1680615156614]
Judge has assessed an item in Issue 13 as 2 risk. The relevant finding follows: Lines of code Vulnerability details Impact The MuteBond.deposit function allows the user to purchase a bond with LP tokens and receive MUTE tokens in return. The bondPrice increases linearly over time which I should...
Upgraded Q -> 2 from #17 [1680620822176]
Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: L-10 It is possible in theory that stakes get locked due to call to LockTo with very small reward amount I pointed out and explained in my report 7 MuteBond.sol: deposit function reverts if remaining payout is very...
Upgraded Q -> 2 from #17 [1680620718364]
Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: L-05 Check that staking cannot occur when endTime is reached The MuteAmplifier.stake function should require that the current timestamp is smaller than endTime even when the call to stake is the first that ever...
Upgraded Q -> 2 from #44 [1680620528235]
Judge has assessed an item in Issue 44 as 2 risk. The relevant finding follows: Low 1 RescueTokens doesn't have checks for fee0 & fee1 tokens. Admin might accidentally withdraw fee tokens that are supposed to be for the stakers:
Attacker can steal the locked NFT in protocol because of lacking check in function borrowToBuy()
Lines of code Vulnerability details Impact In function borrowToBuy, the borrower takes a loan offer and uses the funds to purchase NFT. / Take the loan offer. / takeLoanOfferoffer, signature, lienId, loanAmount, collateralTokenId; / Lock token. / offer.collection.transferFrommsg.sender,...