PartyGovernanceNFT advertises but does not honor the ERC-4906 standard #340
Comments
QA: L
ydspa marked the issue as insufficient quality report
gzeon-c4 marked the issue as primary issue
gzeon-c4 marked the issue as selected for report
gzeon-c4 marked the issue as satisfactory
Judging as Med due to broken support of ERC4906
0xble (sponsor) confirmed
Hi @gzeon-c4 can you please review the tags of this issue? "Selected for report", "sponsor confirmed" and "insufficient quality report" seem to somewhat clash with each other 😅
"insufficient quality report" is a tag only used for presort
Lines of code
https://github.com/code-423n4/2023-10-party/blob/b23c65d62a20921c709582b0b76b387f2bb9ebb5/contracts/party/PartyGovernanceNFT.sol#L208
https://github.com/code-423n4/2023-10-party/blob/b23c65d62a20921c709582b0b76b387f2bb9ebb5/contracts/party/PartyGovernanceNFT.sol#L236
https://github.com/code-423n4/2023-10-party/blob/b23c65d62a20921c709582b0b76b387f2bb9ebb5/contracts/party/PartyGovernanceNFT.sol#L247
https://github.com/code-423n4/2023-10-party/blob/b23c65d62a20921c709582b0b76b387f2bb9ebb5/contracts/party/PartyGovernanceNFT.sol#L255
Vulnerability details
The PartyGovernanceNFT contract inherits from PartyGovernance and, through it, advertises support for the ERC-4906 standard. Because of this, consumers such as NFT marketplaces or block explorers expect PartyGovernanceNFT to emit a `MetadataUpdate` or `BatchMetadataUpdate` event whenever the metadata of one of its NFTs changes.

The protocol ships a default implementation of Party metadata which, among other information, includes voting power. Consequently, the metadata is expected to change whenever a single NFT's voting power or the contract's total voting power is updated.

However, when this happens, no `MetadataUpdate` or `BatchMetadataUpdate` event is emitted. The vote-share (and consequently metadata) changing functions have been identified at the lines of code listed above, and none of them emits the required events.

As a consequence, off-chain platforms like NFT marketplaces or block explorers may show stale metadata for the NFTs, and token holders can use this stale data to their advantage.

To add context, having PartyGovernanceNFT tokens traded on a marketplace seems a reasonable use case, since the team opted to implement the ERC-2981 (royalty) standard for PartyGovernanceNFT tokens.
Impact
PartyGovernanceNFT tokens may be exchanged for inflated prices on platforms showing stale data.
Proof of Concept
Starting with a PartyGovernanceNFT (after crowdfunding is finalized) that delegates its `tokenURI` to a PartyNFTRenderer contract:

1. Call `tokenURI` for one of its tokens and record the result.
2. Call `increaseVotingPower` or `decreaseVotingPower` for the given NFT.
3. Call `tokenURI` again and observe how it has changed.
4. Observe that no `MetadataUpdate` event was emitted.
5. Call `increaseTotalVotingPower` or `decreaseTotalVotingPower`.
6. Call `tokenURI` again and observe how it has changed.
7. Observe that no `BatchMetadataUpdate` event was emitted.

Tools Used
Code review, Foundry
Recommended Mitigation Steps
Consider updating:

- `PartyGovernanceNFT.increaseVotingPower` to emit a `MetadataUpdate` event
- `PartyGovernanceNFT.decreaseVotingPower` to emit a `MetadataUpdate` event
- `PartyGovernanceNFT.increaseTotalVotingPower` to emit a `BatchMetadataUpdate` event
- `PartyGovernanceNFT.decreaseTotalVotingPower` to emit a `BatchMetadataUpdate` event

Assessed type
ERC721
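To illustrate the mitigation, here is an added example (not Party Protocol's code) of a stripped-down governance NFT that emits the ERC-4906 events whenever per-token or total voting power changes. Only the four function names, the two events and `supportsInterface` mirror the issue; the contract name, storage layout and `uint96` amounts are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Party Protocol code: a stripped-down governance NFT that
// honours ERC-4906 the way the mitigation above asks for. Access control and
// ERC-721 transfer logic are left out to keep the event pattern visible.

/// @dev Events defined by ERC-4906; its ERC-165 interface id is 0x49064906.
interface IERC4906 {
    event MetadataUpdate(uint256 _tokenId);
    event BatchMetadataUpdate(uint256 _fromTokenId, uint256 _toTokenId);
}

contract VotingPowerNFTExample is IERC4906 {
    // Hypothetical storage: per-token voting power and the party-wide total.
    mapping(uint256 => uint96) public votingPowerByTokenId;
    uint96 public totalVotingPower;

    function supportsInterface(bytes4 interfaceId) external pure returns (bool) {
        // Advertising ERC-4906 here is what obliges the contract to emit the
        // events below; claiming it without emitting them is the reported bug.
        return interfaceId == 0x49064906 || interfaceId == 0x01ffc9a7; // ERC-165
    }

    function increaseVotingPower(uint256 tokenId, uint96 amount) external {
        votingPowerByTokenId[tokenId] += amount;
        // The token's rendered metadata (voting power) changed: tell indexers.
        emit MetadataUpdate(tokenId);
    }

    function decreaseVotingPower(uint256 tokenId, uint96 amount) external {
        votingPowerByTokenId[tokenId] -= amount;
        emit MetadataUpdate(tokenId);
    }

    function increaseTotalVotingPower(uint96 amount) external {
        totalVotingPower += amount;
        // Every token's share of the total changed, so signal the whole
        // collection; ERC-4906 uses the range (0, type(uint256).max) for "all".
        emit BatchMetadataUpdate(0, type(uint256).max);
    }

    function decreaseTotalVotingPower(uint96 amount) external {
        totalVotingPower -= amount;
        emit BatchMetadataUpdate(0, type(uint256).max);
    }
}
```

A Foundry test for the fix would call each of the four functions under `vm.expectEmit` and fail if the corresponding event is missing, which is exactly the check the audited contract did not pass.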