It should not submit a project with no total budget. Requires at least one task with cost > 0 #348
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
documentation
Improvements or additions to documentation
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
valid
Lines of code
https://github.com/code-423n4/2022-08-rigor/blob/main/contracts/Community.sol#L206-L282
Vulnerability details
Impact
When publishing a project, there is still possibility the project doesn't have any task or 0 budget.
Proof of Concept
According to contest guideline, there is an information says
Meanwhile, on
publishProject()
in Community.sol, there is no check of this condition.Recommended Mitigation Steps
Add a new
require
which will check if the first task (which is at index 1), its cost is > 0.The text was updated successfully, but these errors were encountered: