Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A user can delegate his tire voting to a zero address #228

Open
code423n4 opened this issue Oct 23, 2022 · 6 comments
Open

A user can delegate his tire voting to a zero address #228

code423n4 opened this issue Oct 23, 2022 · 6 comments
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b Q-48 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JB721TieredGovernance.sol#L177

Vulnerability details

Impact

A user can lose his vote for a specific tire id by delegating his vote to a zero address.

Proof of Concept

In the setTierDelegate function and also in _delegateTier function which is called by the previous function the input delegated address is not checked. In the _delegateTier function, then is stored in the _tierDelegation mapping for a specific tire id. In the _moveTierDelegateVotes function also there is not any revert if the new delegated address is zero.

Tools Used

Manual

Recommended Mitigation Steps

Check delegated for not being zero.
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Oct 23, 2022
code423n4 added a commit that referenced this issue Oct 23, 2022
@code423n4
SaharAP issue #228
d7ccd4d
@drgorillamd drgorillamd added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label Oct 24, 2022
@drgorillamd
Copy link

This is not an issue, user can delegate votes at will (including delegating to another address later after delegating to address(0)), same as they can transfer to address(0) or vb.eth if they want.

This was referenced Oct 24, 2022
Closed
Closed
Open
@csanuragjain
Copy link

@drgorillamd
It wont be possible to delegate to other address post delegating to address 0. The reason being _moveTierDelegateVotes will only deduct vote and not increase. I have given detailed explanation at issue number 11
Can you please suggest

@drgorillamd
Copy link

@csanuragjain indeed, reopened 11 to give it another look, it kinda feels like a different issue tho

@Picodes
Copy link

Picodes commented Nov 4, 2022

The warden has not showed why the user won't be able to delegate to other address post delegating to address(0). Downgrading to QA has this issue only highlights a missing sanity check.

@c4-judge c4-judge added QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax downgraded by judge Judge downgraded the risk level of this issue and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Nov 7, 2022
c4-judge added a commit that referenced this issue Nov 7, 2022
@c4-judge
Q-report created from downgraded finding #228
f3606a8
@c4-judge
Copy link
Contributor

c4-judge commented Nov 7, 2022

Picodes changed the severity to QA (Quality Assurance)

@c4-judge
Copy link
Contributor

c4-judge commented Nov 7, 2022

Picodes marked the issue as grade-b

@C4-Staff C4-Staff added the Q-48 label Dec 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b Q-48 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@csanuragjain @Picodes @code423n4 @drgorillamd @c4-judge @C4-Staff