You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 21, 2024. It is now read-only.
sherlock-admin opened this issue
Jul 22, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
sherlock-admin
changed the title
Curly Cornflower Scallop - Should burn existing minted token for all beneficiaries before changing voteFactor
caventa - Should burn existing minted token for all beneficiaries before changing voteFactor
Aug 6, 2023
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
caventa
medium
Should burn existing minted token for all beneficiaries before changing voteFactor
Summary
Should burn existing minted token for all beneficiaries before changing voteFactor
Vulnerability Detail
ERC20Votes token is minted based on beneficiary's total amount
It is calculated using the following formula
where the minting procedure can be accessible by owner or anyone. [Note: if only owner can mint the token, then this issue is invalid].
The voteFactor can be changed by owner.
Before changing voteFactor, system should ensure all tokens minted using old voteFactor to be burned using old voteFactor.
Impact
If not, either 1 or 2 would happen
Code Snippet
https://github.com/sherlock-audit/2023-06-tokensoft/blob/main/contracts/contracts/claim/abstract/AdvancedDistributor.sol#L84
https://github.com/sherlock-audit/2023-06-tokensoft/blob/main/contracts/contracts/claim/abstract/AdvancedDistributor.sol#L94
https://github.com/sherlock-audit/2023-06-tokensoft/blob/main/contracts/contracts/claim/abstract/AdvancedDistributor.sol#L120
https://github.com/sherlock-audit/2023-06-tokensoft/blob/main/contracts/contracts/claim/abstract/AdvancedDistributor.sol#L126
Tool used
Manual Review
Recommendation
Should burn existing minted token for all beneficiaries before changing voteFactor
Duplicate of #55
The text was updated successfully, but these errors were encountered: