Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attacker can manipulate user's delegate address #248

Closed
c4-submissions opened this issue Nov 9, 2023 · 7 comments
Closed

Attacker can manipulate user's delegate address #248

c4-submissions opened this issue Nov 9, 2023 · 7 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-418 edited-by-warden insufficient quality report This report is not of sufficient quality partial-50 Incomplete articulation of vulnerability; eligible for partial credit only (50%)

Comments

@c4-submissions
Copy link
Contributor

c4-submissions commented Nov 9, 2023
edited by code4rena-admin
Loading

Lines of code

https://github.com/code-423n4/2023-10-party/blob/b23c65d62a20921c709582b0b76b387f2bb9ebb5/contracts/crowdfund/InitialETHCrowdfund.sol#L302
https://github.com/code-423n4/2023-10-party/blob/b23c65d62a20921c709582b0b76b387f2bb9ebb5/contracts/party/PartyGovernanceNFT.sol#L194-L200

Vulnerability details

Vulnerability Details

When a user contributes in crowdfund for the first time a nft will be minted and voting power will be delegated to delegate address provided by contributor but if it's not first contribution , delegate address won't be changed so attacker can front-run user contribution and perform contributeFor with desired delegate address and a low contribution amount , since delegate is configured in previous transaction when contribute is performed the delegate address provided by attacker won't be changed so attacker can benefit from delegated voting power to optional address .

Impact

Attackers benefit from free voting power

Proof of Concept

1 - user calls contribute for the first time and provides an address to delegate voting power
2 - attacker front-runs contribute and calls contributeFor and provides his own address as delegate
3 - delegate is configured in previous transaction so contribute doesn't change delegate address
4 - attacker use delegated voting power

Tools Used

Manual Review

Recommended Mitigation Steps

prevent providing delegate address in contributeFor function

Assessed type

Other
@c4-submissions c4-submissions added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Nov 9, 2023
c4-submissions added a commit that referenced this issue Nov 9, 2023
@c4-submissions
mahdikarimi issue #248
68a6b5a
@ydspa
Copy link

ydspa commented Nov 12, 2023

Insufficient proof

Invalid

@c4-pre-sort
Copy link

ydspa marked the issue as insufficient quality report

@c4-pre-sort c4-pre-sort added the insufficient quality report This report is not of sufficient quality label Nov 12, 2023
@c4-judge c4-judge removed the 3 (High Risk) Assets can be stolen/lost/compromised directly label Nov 19, 2023
@c4-judge
Copy link
Contributor

gzeon-c4 changed the severity to 2 (Med Risk)

@c4-judge c4-judge added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value downgraded by judge Judge downgraded the risk level of this issue labels Nov 19, 2023
@c4-judge
Copy link
Contributor

gzeon-c4 marked the issue as duplicate of #418

@c4-judge c4-judge added the partial-50 Incomplete articulation of vulnerability; eligible for partial credit only (50%) label Nov 19, 2023
@c4-judge
Copy link
Contributor

gzeon-c4 marked the issue as partial-50

@c4-judge
Copy link
Contributor

gzeon-c4 marked the issue as satisfactory

@c4-judge c4-judge added satisfactory satisfies C4 submission criteria; eligible for awards partial-50 Incomplete articulation of vulnerability; eligible for partial credit only (50%) and removed partial-50 Incomplete articulation of vulnerability; eligible for partial credit only (50%) satisfactory satisfies C4 submission criteria; eligible for awards labels Nov 19, 2023
@c4-judge
Copy link
Contributor

gzeon-c4 marked the issue as partial-50

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-418 edited-by-warden insufficient quality report This report is not of sufficient quality partial-50 Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ydspa @c4-judge @c4-pre-sort @c4-submissions @code4rena-admin