Platform: Code4rena
Start Date: 13/12/2023
Pot Size: $36,500 USDC
Total HM: 18
Participants: 110
Period: 8 days
Judge: 0xTheC0der
Id: 311
League: ETH
Rank: 98/110
Findings: 1
Award: $7.22
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: deth
Also found by: 00xSEV, 0xCiphky, 0xHelium, ABAIKUNANBAEV, Aamir, AkshaySrivastav, King_, Pechenite, SpicyMeatball, Tricko, ast3ros, ayden, bart1e, deth, fnanni, ke1caM, mahdirostami, peanuts, pep7siup, pontifex, ptsanev, roland, rvierdiiev, y4y
7.2215 USDC - $7.22
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L234 https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L226 https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L284
newPiece.quorumVotes can round down to zero when creating new piece in case totalSupply is very low; effect is CultureIndex.dropTopVotedPiece can drop a piece without meeting quorum vote
New piece quroum vote can be zero because there is a possibility of rounding down to zero in case totalsupply is very low or zero( In the early stages) as seen in this line https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L234 qorum votes is calculated using this formula newPiece.quorumVotes = (quorumVotesBPS * newPiece.totalVotesSupply) / 10_000;
and totalVotesSupply is calculated using this code https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L226 newPiece.totalVotesSupply = _calculateVoteWeight( erc20VotingToken.totalSupply(), erc721VotingToken.totalSupply() );
and _calculateVoteWeight() function is calculated using this code https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L284 function _calculateVoteWeight(uint256 erc20Balance, uint256 erc721Balance) internal view returns (uint256) { return erc20Balance + (erc721Balance * erc721VotingTokenWeight * 1e18); }
So in the early stages when erc20VotingToken.totalSupply() and erc721VotingToken.totalSupply() are very low or zero _calculateVoteWeight() can return 0 or a very low uint Following , newPiece.quorumVotes = (quorumVotesBPS * newPiece.totalVotesSupply) / 10_000; could also return 0 due to some rounding down, of course setting quorumVotesBPS very high can orevent this only in case newPiece.totalVotesSupply is not 0, in case it's 0 newPiece.quorumVotes will be 0.
Manual review
DAO can mint some tokens in the early stage to increase for the treasury to prevent rounding down.
Error
#0 - c4-pre-sort
2023-12-23T02:09:18Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2023-12-23T02:09:27Z
raymondfam marked the issue as duplicate of #16
#2 - c4-pre-sort
2023-12-24T15:11:30Z
raymondfam marked the issue as duplicate of #449
#3 - c4-judge
2024-01-06T16:03:19Z
MarioPoneder marked the issue as satisfactory