This repository has been archived by the owner on Jan 21, 2024. It is now read-only.
jkoppel - setVoteFactor() does not change existing supply of votes. As a result, some may be unable to withdraw. #55
Labels
Has Duplicates: A valid issue with 1+ other issues describing the same vulnerability
Medium: A valid Medium severity issue
Reward: A payout will be made for this issue
Sponsor Confirmed: The sponsor acknowledged this issue is valid
Will Fix: The sponsor confirmed this issue will be fixed
Summary
AdvancedDistributor.setVoteFactor() does not change the existing supply of vote tokens. If it is called before all distribution records have been initialized, there will be a skew between those who initialized before and those who initialized after. Further, if it is increased, those who initialized before will not have enough vote tokens to withdraw.
Vulnerability Detail
Increase scenario (very bad):
Decrease scenario (less bad):
Impact
Increase scenario
If the vote factor is increased after deploying the contract, some people will not be able to withdraw, period.
It is still possible, however, for the owner of the contract to sweep the contract and manually give people their airdrop.
Decrease scenario
Cannot change vote factor after deploying contract without skewing existing votes.
Note there is no other mechanism to mint or burn vote tokens to correct this.
There is no code that currently uses voting, so this is potentially of no consequence.
However, presumably the voting functionality exists for a reason, and will be used by other code. In particular, the implementation of adjust() takes care to preserve people's number of voting tokens. As the distributor contracts are not upgradeable, this means no fair elections can be run atop airdrops deployed with the current code after setVoteFactor is called.
Code Snippet
https://github.com/sherlock-audit/2023-06-tokensoft/blob/main/contracts/contracts/claim/abstract/AdvancedDistributor.sol#L181
setVoteFactor does not change supply
https://github.com/sherlock-audit/2023-06-tokensoft/blob/main/contracts/contracts/claim/abstract/AdvancedDistributor.sol#L77
Voting tokens are minted at distribution record initialization time.
https://github.com/sherlock-audit/2023-06-tokensoft/blob/main/contracts/contracts/claim/abstract/AdvancedDistributor.sol#L87
tokensToVotes uses the current voteFactor. If it has increased since someone's vote tokens were minted, they will not have enough tokens to burn, and so executeClaim will revert.
Tool used
Manual Review
Recommendation
Do not use separate voting tokens for votes; just use the amount of unclaimed tokens.
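The accounting described in this issue, as an added Python model (not the contract's code and not part of the original report). It shows the increase case reverting, the decrease case leaving stray votes, and the recommended derivation from the unclaimed amount. Assumptions: the fixed-point base of 10,000, the class and method names, and the constructed beneficiaries and amounts.

```python
# Simplified model of the vote accounting in this issue; names and numbers are constructed.
DENOMINATOR = 10_000  # assumed fixed-point base for voteFactor

class InsufficientVotes(Exception):
    """Stands in for the revert when a burn exceeds the holder's vote balance."""

class DistributorModel:
    def __init__(self, vote_factor):
        self.vote_factor = vote_factor
        self.votes = {}      # vote-token balance per beneficiary
        self.unclaimed = {}  # tokens still owed per beneficiary

    def tokens_to_votes(self, amount):
        return amount * self.vote_factor // DENOMINATOR  # always the current factor

    def initialize_record(self, who, total):
        self.unclaimed[who] = total
        self.votes[who] = self.tokens_to_votes(total)  # minted once, at initialization

    def set_vote_factor(self, new_factor):
        self.vote_factor = new_factor  # existing balances are left untouched

    def execute_claim(self, who, amount):
        burn = self.tokens_to_votes(amount)
        if burn > self.votes[who]:
            raise InsufficientVotes(f"{who}: burn {burn} > balance {self.votes[who]}")
        self.votes[who] -= burn
        self.unclaimed[who] -= amount

    def votes_from_unclaimed(self, who):  # recommendation: no separate vote balance
        return self.tokens_to_votes(self.unclaimed[who])

def increase_scenario():
    d = DistributorModel(vote_factor=10_000)
    d.initialize_record("early", 1_000)  # 1000 votes minted at the old factor
    d.set_vote_factor(20_000)
    d.initialize_record("late", 1_000)   # 2000 votes minted at the new factor
    d.execute_claim("late", 1_000)       # succeeds: balance matches the burn
    try:
        d.execute_claim("early", 1_000)  # needs 2000 votes, holds 1000
    except InsufficientVotes:
        return "early claim reverts", d.votes["early"], d.votes_from_unclaimed("early")

def decrease_scenario():
    d = DistributorModel(vote_factor=20_000)
    d.initialize_record("early", 1_000)  # 2000 votes minted
    d.set_vote_factor(10_000)
    d.execute_claim("early", 1_000)      # burns only 1000 votes
    return d.unclaimed["early"], d.votes["early"]  # fully claimed, 1000 votes remain
```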