Party DAO - 0xA5DF's results

Protocol for group coordination.

General Information

Platform: Code4rena

Start Date: 31/10/2023

Pot Size: $60,500 USDC

Total HM: 9

Participants: 65

Period: 10 days

Judge: gzeon

Total Solo HM: 2

Id: 301

League: ETH

PartyDAO

Findings Distribution

Researcher Performance

Rank: 15/65

Findings: 1

Award: $716.76

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: TresDelinquentes

Also found by: 0xA5DF, 3docSec, Pechenite

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
insufficient quality report
duplicate-237

Awards

716.7564 USDC - $716.76

External Links

Lines of code

https://github.com/code-423n4/2023-10-party/blob/053fb9345b0739b3c26d12e1eae1eefbfd70b223/contracts/party/PartyGovernanceNFT.sol#L426-L432

Vulnerability details

During a rage quit, the quitter supplies a list of tokens to withdraw their fair share of, together with the minimum amount they expect for each. If the share of any token is below its minimum, the function reverts. However, if the share is zero, the minimum is ignored and the function does not revert. A user might rage quit while a proposal that empties out a token is pending (e.g. the party is purchasing an NFT), relying on the call to revert if the proposal has already been executed. In that case the call does not revert, and the user ends up losing part of their share.

Impact

The rage quitter may receive less than the fair share they are entitled to.

Proof of Concept

In the following snippet from the linked lines of PartyGovernanceNFT.sol, the minimum check is only performed when amount > 0:

    if (amount > 0) {
        uint256 minAmount = minWithdrawAmounts[i];

        // Check amount is at least minimum.
        if (amount < minAmount) {
            revert BelowMinWithdrawAmountError(amount, minAmount);
        }
        // ... (rest of the loop body omitted)
    }
    // When amount == 0 the whole block, including the minimum check, is skipped.

Recommended Mitigation Steps

Perform the minimum check regardless of the share: if amount is zero and minWithdrawAmounts[i] is greater than zero, revert (BelowMinWithdrawAmountError(0, minAmount) already fits this case). Only the transfer itself needs to be skipped for a zero share.
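The following is an added example, not Party DAO's code, that reproduces the check described above in a minimal contract and places the hardened form beside it. Token balances are tracked in a plain mapping instead of real ERC20 transfers, and the contract and function names (RageQuitMinCheck, setBalance, shareOf, rageQuitVulnerable, rageQuitFixed) and the constant TOTAL_VOTING_POWER are assumptions for illustration only; the error name and the shape of the inner check follow the snippet quoted from PartyGovernanceNFT.sol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not Party DAO's code). Balances are a constructed mapping
/// standing in for the party's token holdings; all names are hypothetical.
contract RageQuitMinCheck {
    error BelowMinWithdrawAmountError(uint256 amount, uint256 minAmount);

    /// Constructed state: what the party currently "holds" of each token.
    mapping(address => uint256) public balances;

    /// Total voting power in the party; a quitter's share is pro rata to it.
    uint256 public constant TOTAL_VOTING_POWER = 100;

    /// Test helper standing in for tokens arriving or leaving via proposals
    /// (e.g. a proposal that spends the whole balance on an NFT sets it to 0).
    function setBalance(address token, uint256 amount) external {
        balances[token] = amount;
    }

    /// Fair share of `token` for a quitter holding `votingPower`.
    function shareOf(address token, uint256 votingPower) public view returns (uint256) {
        return (balances[token] * votingPower) / TOTAL_VOTING_POWER;
    }

    /// Mirrors the ordering in the quoted snippet: the minimum is consulted
    /// only when the share is non-zero, so a token that was emptied by a
    /// proposal executed before this call yields 0 without reverting,
    /// whatever minimum the caller asked for.
    function rageQuitVulnerable(
        address[] calldata withdrawTokens,
        uint256[] calldata minWithdrawAmounts,
        uint256 votingPower
    ) external returns (uint256[] memory withdrawn) {
        require(withdrawTokens.length == minWithdrawAmounts.length, "length mismatch");
        withdrawn = new uint256[](withdrawTokens.length);
        for (uint256 i; i < withdrawTokens.length; ++i) {
            uint256 amount = shareOf(withdrawTokens[i], votingPower);
            if (amount > 0) {
                uint256 minAmount = minWithdrawAmounts[i];
                // Check amount is at least minimum.
                if (amount < minAmount) {
                    revert BelowMinWithdrawAmountError(amount, minAmount);
                }
                balances[withdrawTokens[i]] -= amount; // stands in for the transfer
            }
            withdrawn[i] = amount;
        }
    }

    /// Hardened form: enforce the minimum unconditionally and skip only the
    /// transfer for a zero share. amount == 0 with minAmount > 0 now reverts.
    function rageQuitFixed(
        address[] calldata withdrawTokens,
        uint256[] calldata minWithdrawAmounts,
        uint256 votingPower
    ) external returns (uint256[] memory withdrawn) {
        require(withdrawTokens.length == minWithdrawAmounts.length, "length mismatch");
        withdrawn = new uint256[](withdrawTokens.length);
        for (uint256 i; i < withdrawTokens.length; ++i) {
            uint256 amount = shareOf(withdrawTokens[i], votingPower);
            uint256 minAmount = minWithdrawAmounts[i];
            // Minimum is checked before, and independently of, the zero-share branch.
            if (amount < minAmount) {
                revert BelowMinWithdrawAmountError(amount, minAmount);
            }
            if (amount > 0) {
                balances[withdrawTokens[i]] -= amount; // stands in for the transfer
            }
            withdrawn[i] = amount;
        }
    }
}
```

Walking through the scenario from the finding with this contract: with setBalance(token, 1000) and a quitter holding 10 of the 100 units of voting power, a call with minWithdrawAmounts = [100] succeeds in both variants and returns [100]. If a proposal drains the token first (setBalance(token, 0)), rageQuitVulnerable completes and returns [0], silently ignoring the requested minimum, while rageQuitFixed reverts with BelowMinWithdrawAmountError(0, 100), which is the behaviour the quitter relied on. The `amount > 0` guard is kept around the transfer only, so tokens that reject zero-value transfers are still handled.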

Assessed type

Other

#0 - ydspa

2023-11-11T14:50:32Z

QA: L

#1 - c4-pre-sort

2023-11-11T14:50:40Z

ydspa marked the issue as insufficient quality report

#2 - c4-pre-sort

2023-11-12T05:01:39Z

ydspa marked the issue as primary issue

#3 - c4-judge

2023-11-19T14:50:31Z

gzeon-c4 changed the severity to 2 (Med Risk)

#4 - gzeon-c4

2023-11-19T14:51:50Z

Potential value leak, no reason to ignore specified values. Judging as Med instead of High because while a function of the protocol is impacted, asset is not lost considering the user should call ragequit before the proposal that transfers out the token is executed.

#5 - c4-judge

2023-11-19T14:52:00Z

gzeon-c4 marked the issue as selected for report

#6 - c4-judge

2023-11-19T14:52:04Z

gzeon-c4 marked the issue as satisfactory

#7 - c4-judge

2023-11-26T17:35:04Z

gzeon-c4 marked the issue as not selected for report

#8 - c4-judge

2023-11-26T17:36:24Z

gzeon-c4 marked issue #237 as primary and marked this issue as a duplicate of 237

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
