You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 21, 2024. It is now read-only.
sherlock-admin opened this issue
Jul 22, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
Vote manipulation and griefing in AdvancedDistributor
Summary
Upon a change in the vote factor, claims initialized in the past have a past vote factor counted in.
Vulnerability Detail
If the vote factor is changed, it can be increased or decreased. If it is increased, users who claimed for the first time (initialized their claim) are at an unfair loss, since addresses that initialized the claim later will get more votes per tokens.
On the other hand, if the vote factor is decreased, users who haven't initiated the claim yet will be at a disadvantage – they won't be able to receive as good rate as previously.
NOTE: The last option also presents a griefing attack in case of any contracts derived from CrosschainMerkleDistributor which allows anyone to initialize any existing distribution record. Hence, the griefer can call this function before the decrease of the vote factor, can initialize other addresses' claims in order to lower their votes. This can be done, for example, to have a larger effective impact on vote results, because less vote tokens will be in circulation.
Impact
Depending on the time of initialization (which sometimes can be done maliciously by external parties), the voting power for claims of the same size may differ.
Code Snippet
function_initializeDistributionRecord(addressbeneficiary,uint256totalAmount)internalvirtualoverride{super._initializeDistributionRecord(beneficiary,totalAmount);// add voting power through ERC20Votes extension_mint(beneficiary,tokensToVotes(totalAmount));}
Tool used
Manual Review
Recommendation
Instead of using an ERC20 token balances mapping to store the voting balance, override the balanceOf(address voter) function to return tokensToVotes(records[voter].total).
sherlock-admin2
changed the title
Sticky Leather Lizard - Vote manipulation and griefing in AdvancedDistributor
Czar102 - Vote manipulation and griefing in AdvancedDistributorAug 6, 2023
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
Czar102
medium
Vote manipulation and griefing in
AdvancedDistributor
Summary
Upon a change in the vote factor, claims initialized in the past have a past vote factor counted in.
Vulnerability Detail
If the vote factor is changed, it can be increased or decreased. If it is increased, users who claimed for the first time (initialized their claim) are at an unfair loss, since addresses that initialized the claim later will get more votes per tokens.
On the other hand, if the vote factor is decreased, users who haven't initiated the claim yet will be at a disadvantage – they won't be able to receive as good rate as previously.
Impact
Depending on the time of initialization (which sometimes can be done maliciously by external parties), the voting power for claims of the same size may differ.
Code Snippet
Tool used
Manual Review
Recommendation
Instead of using an ERC20 token balances mapping to store the voting balance, override the
balanceOf(address voter)
function to returntokensToVotes(records[voter].total)
.Duplicate of #55
The text was updated successfully, but these errors were encountered: