Nouns DAO contest - IEatBabyCarrots's results

A DAO-driven NFT project on Ethereum.

General Information

Platform: Code4rena

Start Date: 22/08/2022

Pot Size: $50,000 USDC

Total HM: 4

Participants: 160

Period: 5 days

Judge: gzeon

Total Solo HM: 2

Id: 155

League: ETH

Nouns DAO

Findings Distribution

Researcher Performance

Rank: 11/160

Findings: 1

Award: $1,683.29

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: cccz

Also found by: IEatBabyCarrots, KIntern_NA, Lambda, berndartmueller, bin2chen, csanuragjain, jayphbee, zzzitron

Labels

bug
duplicate
3 (High Risk)
old-submission-method

Awards

1683.2874 USDC - $1,683.29

External Links

Lines of code

https://github.com/code-423n4/2022-08-nounsdao/blob/452695d4764ba9d5e1d3eef0d5ecca3d004f215a/contracts/base/ERC721Checkpointable.sol#L143

Vulnerability details

Impact

The delegate function contains a statement that sets the delegatee to msg.sender if the delegatee is the zero address (if(delegatee == address(0)) delegatee = msg.sender; here), yet the delegateBySig function does not. It doesn't seem to cause any loss of funds yet, but it's clearly unintentional. Interactions with other contracts may break if they are assuming delegating to the zero address is not possible.

Proof of Concept

Create an EIP-712 signature and pass in address(0) for the delegatee into function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s)

Tools Used

none

Above this line add require(delegatee != address(0));
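The mismatch between the two entry points and the recommended check, as an added example that is not part of the submission or of the Nouns DAO code base. The contract name DelegationSketch, the storedDelegate mapping and the revert strings are assumptions made for this sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.6;

// Added illustration, not the Nouns DAO source: a minimal delegation registry.
// DelegationSketch and storedDelegate are names assumed for this sketch.
contract DelegationSketch {
    bytes32 public constant DOMAIN_TYPEHASH =
        keccak256("EIP712Domain(string name,uint256 chainId,address verifyingContract)");
    bytes32 public constant DELEGATION_TYPEHASH =
        keccak256("Delegation(address delegatee,uint256 nonce,uint256 expiry)");

    mapping(address => address) public storedDelegate;
    mapping(address => uint256) public nonces;

    // Direct path: a zero delegatee is rewritten to the caller, so this call
    // never stores address(0) as the caller's delegate.
    function delegate(address delegatee) external {
        if (delegatee == address(0)) delegatee = msg.sender;
        storedDelegate[msg.sender] = delegatee;
    }

    // Signature path. Without the first require, a signed Delegation whose
    // delegatee is address(0) would be stored as-is, unlike delegate().
    function delegateBySig(
        address delegatee, uint256 nonce, uint256 expiry,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        // The check recommended in the finding.
        require(delegatee != address(0), "delegateBySig: zero delegatee");
        bytes32 domainSeparator = keccak256(abi.encode(
            DOMAIN_TYPEHASH, keccak256("DelegationSketch"), block.chainid, address(this)
        ));
        bytes32 structHash = keccak256(
            abi.encode(DELEGATION_TYPEHASH, delegatee, nonce, expiry)
        );
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", domainSeparator, structHash));
        address signatory = ecrecover(digest, v, r, s);
        require(signatory != address(0), "delegateBySig: invalid signature");
        require(nonce == nonces[signatory]++, "delegateBySig: invalid nonce");
        require(block.timestamp <= expiry, "delegateBySig: signature expired");
        storedDelegate[signatory] = delegatee;
    }
}
```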

#0 - eladmallel

2022-08-29T16:58:09Z
