You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 21, 2024. It is now read-only.
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
Setting a new Vote Factor through a setVoteFactor() call could cause a Denial of Service in the airdrops
Summary
Setting a new Vote Factor through a setVoteFactor() call could cause a Denial of Service in the airdrops as during the claim "voting power" is burnt. If the voting factor is increased contracts would try to burn more tokens than what they were minted in the first place, reverting and blocking the airdrops.
Vulnerability Detail
Setting a new Vote Factor through a setVoteFactor() call could cause a Denial of Service in the airdrops as during the claim "voting power" is burnt: AdvanceDistributor contract:
function _executeClaim(
addressbeneficiary,
uint256totalAmount
) internalvirtualoverridereturns (uint256_claimed) {
_claimed =super._executeClaim(beneficiary, totalAmount);
// reduce voting power through ERC20Votes extension_burn(beneficiary, tokensToVotes(_claimed));
}
If the voting factor is increased contracts would try to burn more tokens than what they were minted in the first place, reverting and blocking the airdrops.
After the week 4, user has claimed 50% of the tokens. Owner calls contract_CrosschainTrancheVestingMerkle.setVoteFactor(30000);. (Previous vote factor was 20000).
Then after week 8, user tries to claim his remaining vested tokens but it reverts:
sherlock-admin2
changed the title
Custom Chiffon Mantis - Setting a new Vote Factor through a setVoteFactor() call could cause a Denial of Service in the airdrops
r0bert - Setting a new Vote Factor through a setVoteFactor() call could cause a Denial of Service in the airdrops
Aug 6, 2023
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
r0bert
high
Setting a new Vote Factor through a
setVoteFactor()
call could cause a Denial of Service in the airdropsSummary
Setting a new Vote Factor through a
setVoteFactor()
call could cause a Denial of Service in the airdrops as during the claim "voting power" is burnt. If the voting factor is increased contracts would try to burn more tokens than what they were minted in the first place, reverting and blocking the airdrops.Vulnerability Detail
Setting a new Vote Factor through a
setVoteFactor()
call could cause a Denial of Service in the airdrops as during the claim "voting power" is burnt:AdvanceDistributor
contract:If the voting factor is increased contracts would try to burn more tokens than what they were minted in the first place, reverting and blocking the airdrops.
For example, based in the following tranches:
After the week 4, user has claimed 50% of the tokens. Owner calls
contract_CrosschainTrancheVestingMerkle.setVoteFactor(30000);
. (Previous vote factor was 20000).Then after week 8, user tries to claim his remaining vested tokens but it reverts:
Impact
Airdrops would be blocked. Users would not be able to claim.
Code Snippet
Tool used
Manual Review
Recommendation
Disallow setting a new voting factor after contract initialization.
Duplicate of #55
The text was updated successfully, but these errors were encountered: