Skip to content

Issues: code-423n4/2023-10-party-findings

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

75 Open 514 Closed
75 Open 514 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

QA Report bug Something isn't working grade-b Q-01 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#583 opened Nov 10, 2023 by c4-submissions
2
Analysis A-01 analysis-advanced grade-b sufficient quality report This report is of sufficient quality
#581 opened Nov 10, 2023 by c4-submissions
2
QA Report bug Something isn't working grade-b insufficient quality report This report is not of sufficient quality Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#580 opened Nov 10, 2023 by c4-submissions
4
Gas Optimizations bug Something isn't working G (Gas Optimization) G-01 grade-b sufficient quality report This report is of sufficient quality
#569 opened Nov 10, 2023 by c4-submissions
2
Analysis A-02 analysis-advanced grade-b insufficient quality report This report is not of sufficient quality
#567 opened Nov 10, 2023 by c4-submissions
2
QA Report bug Something isn't working grade-b insufficient quality report This report is not of sufficient quality Q-03 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#548 opened Nov 10, 2023 by c4-submissions
2
Parties have no mechanism to remove an authority bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a insufficient quality report This report is not of sufficient quality Q-04 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#543 opened Nov 10, 2023 by c4-submissions
3
A user can reach maxTotalContribution, finalize, and then withdraw via rageQuit in a single transaction, effectively making a just finalized party fundless. bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a insufficient quality report This report is not of sufficient quality primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax satisfactory satisfies C4 submission criteria; eligible for awards
#534 opened Nov 10, 2023 by c4-submissions
23
The 51% majority can hijack the party's precious tokens through an arbitrary call proposal if the AddPartyCardsAuthority contract is added as an authority in the party. 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-01 satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality upgraded by judge Original issue severity upgraded from QA/Gas by judge
#533 opened Nov 10, 2023 by c4-submissions
23
Gas Optimizations bug Something isn't working G (Gas Optimization) G-02 grade-a sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#531 opened Nov 10, 2023 by c4-submissions
3
If an arbitrary call does not spend the attached value, the msg.sender is not adequately refunded bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a insufficient quality report This report is not of sufficient quality QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax satisfactory satisfies C4 submission criteria; eligible for awards
#522 opened Nov 10, 2023 by c4-submissions
15
Mishandling of token balance allocation for distributions allows an attacker to drain double-entry tokens from the token distributor bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b Q-05 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons sufficient quality report This report is of sufficient quality
#515 opened Nov 10, 2023 by c4-submissions
13
AddPartyCardsAuthority has no function to abdicateAuthority bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a insufficient quality report This report is not of sufficient quality QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#511 opened Nov 10, 2023 by c4-submissions
5
A user can contribute above maxContribution by contributeing multiple times in a single transaction bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a insufficient quality report This report is not of sufficient quality primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#498 opened Nov 10, 2023 by c4-submissions
4
QA Report bug Something isn't working grade-b Q-06 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
#483 opened Nov 10, 2023 by c4-submissions
2
Party does not prevent creation of proposals when crowdfunding is still ongoing, which allows proposals to easily succeed bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a insufficient quality report This report is not of sufficient quality primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#482 opened Nov 10, 2023 by c4-submissions
8
Some arbitrary proposal calls will fail because executeProposal() in ProposalExecutionEngine is not payable 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-01 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality
#475 opened Nov 10, 2023 by c4-submissions
7
Gas Optimizations bug Something isn't working G (Gas Optimization) G-03 grade-b sufficient quality report This report is of sufficient quality
#464 opened Nov 10, 2023 by c4-submissions
2
Gas Optimizations bug Something isn't working G (Gas Optimization) G-04 grade-b sufficient quality report This report is of sufficient quality
#461 opened Nov 10, 2023 by c4-submissions
2
QA Report bug Something isn't working grade-b insufficient quality report This report is not of sufficient quality Q-07 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#457 opened Nov 10, 2023 by c4-submissions
3
QA Report bug Something isn't working grade-b insufficient quality report This report is not of sufficient quality Q-08 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#445 opened Nov 10, 2023 by c4-submissions
2
Analysis A-03 analysis-advanced grade-b sufficient quality report This report is of sufficient quality
#440 opened Nov 10, 2023 by c4-submissions
2
Gas Optimizations bug Something isn't working G (Gas Optimization) G-05 grade-b insufficient quality report This report is not of sufficient quality
#430 opened Nov 10, 2023 by c4-submissions
2
Analysis A-04 analysis-advanced grade-b sufficient quality report This report is of sufficient quality
#420 opened Nov 10, 2023 by c4-submissions
2
PartyGovernanceNFT.sol#mint - User can delegate another user funds to themselves and brick them from changing the delegation 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue edited-by-warden insufficient quality report This report is not of sufficient quality M-02 primary issue Highest quality submission among a set of duplicates satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report
#418 opened Nov 10, 2023 by c4-submissions
7
ProTip! Follow long discussions with comments:>50.