This repository has been archived by the owner on Jan 21, 2024. It is now read-only.
sherlock-admin opened this issue Jul 21, 2023 · 0 comments
Labels
Duplicate: A valid issue that is a duplicate of an issue with `Has Duplicates` label
Medium: A valid Medium severity issue
Reward: A payout will be made for this issue
AdvancedDistributer - Wrong mechanism around voteFactor and voting power
Summary
Voting power management using voteFactor is wrong because the voteFactor can change.
Vulnerability Detail
In AdvancedDistributor, voteFactor can be set by the owner and it can be updated multiple times.
This exposes a vulnerability in claiming rewards and calculating voting power.
When voteFactor is updated to a bigger one, users will not be able to claim their rewards because burning vote tokens will revert.
When voteFactor is updated to a smaller one, users will still have their remaining voting power even after claiming all rewards.
Impact
Based on how voteFactor is changed, claiming / adjustments will not be working or users will have their voting power even though they don't have rewards to claim.
sherlock-admin
changed the title
Crazy Pine Eel - AdvancedDistributer - Wrong mechanism around voteFactor and voting power
auditsea - AdvancedDistributer - Wrong mechanism around voteFactor and voting power
Aug 6, 2023
auditsea
high
Code Snippet
https://github.com/sherlock-audit/2023-06-tokensoft/blob/main/contracts/contracts/claim/abstract/AdvancedDistributor.sol#L181-L183
https://github.com/sherlock-audit/2023-06-tokensoft/blob/main/contracts/contracts/claim/abstract/AdvancedDistributor.sol#L94
https://github.com/sherlock-audit/2023-06-tokensoft/blob/main/contracts/contracts/claim/abstract/AdvancedDistributor.sol#L120
Tool used
Manual Review
Recommendation
Either implement user-specific voting power or overwrite `balanceOf` function to reflect `voteFactor` in it.
Duplicate of #55
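The accounting drift described in this report, as an added Python model (not the Tokensoft contract code and not part of the original issue). It assumes votes are minted at initialization and burned at claim as `amount * voteFactor / denominator`; all names are hypothetical, and `track_per_user=True` sketches one reading of the "user-specific voting power" recommendation.

```python
DENOMINATOR = 10_000  # assumed fixed-point base for voteFactor

class DistributorModel:
    """Toy model (assumption): votes = amount * vote_factor // DENOMINATOR."""

    def __init__(self, vote_factor, track_per_user=False):
        self.vote_factor = vote_factor
        self.track_per_user = track_per_user
        self.total, self.claimed = {}, {}  # allocation / already claimed
        self.votes, self.minted = {}, {}   # vote balance / votes minted at init

    def _to_votes(self, amount):
        return amount * self.vote_factor // DENOMINATOR

    def initialize(self, user, total):
        self.total[user], self.claimed[user] = total, 0
        self.votes[user] = self.minted[user] = self._to_votes(total)

    def set_vote_factor(self, new_factor):  # owner-only on the contract
        self.vote_factor = new_factor

    def claim(self, user, amount):
        remaining = self.total[user] - self.claimed[user] - amount
        if remaining < 0:
            raise ValueError("claim exceeds allocation")
        if self.track_per_user:
            # Mitigation sketch: burn down to the pro-rata share of what
            # was actually minted to this user, ignoring the current factor.
            total = self.total[user]
            target = self.minted[user] * remaining // total if total else 0
            burn = self.votes[user] - target
        else:
            burn = self._to_votes(amount)  # uses the *current* factor
        if burn > self.votes[user]:
            raise ValueError("burn amount exceeds balance")  # models the revert
        self.votes[user] -= burn
        self.claimed[user] += amount

def scenario(new_factor, track_per_user=False):
    """Allocate 1000 tokens at factor 1.0, change the factor, claim everything."""
    d = DistributorModel(DENOMINATOR, track_per_user)
    d.initialize("alice", 1_000)  # constructed sample beneficiary
    d.set_vote_factor(new_factor)
    try:
        d.claim("alice", 1_000)
    except ValueError:
        return ("reverted", d.votes["alice"])
    return ("claimed", d.votes["alice"])
```

`scenario(20_000)` models the factor being raised after initialization and `scenario(5_000)` models it being lowered; passing `track_per_user=True` shows both cases settling to zero votes after a full claim.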