Party DAO - Neon2835's results

Protocol for group coordination.

General Information

Platform: Code4rena

Start Date: 31/10/2023

Pot Size: $60,500 USDC

Total HM: 9

Participants: 65

Period: 10 days

Judge: gzeon

Total Solo HM: 2

Id: 301

League: ETH

PartyDAO

Findings Distribution

Researcher Performance

Rank: 40/65

Findings: 1

Award: $152.37

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: TresDelinquentes

Also found by: 3docSec, Arz, Bauchibred, D1r3Wolf, J4X, Neon2835, Pechenite, adeolu, chainsnake

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
insufficient quality report
duplicate-127

Awards

152.3655 USDC - $152.37

External Links

Lines of code

https://github.com/code-423n4/2023-10-party/blob/b23c65d62a20921c709582b0b76b387f2bb9ebb5/contracts/crowdfund/ETHCrowdfundBase.sol#L148-L150
https://github.com/code-423n4/2023-10-party/blob/b23c65d62a20921c709582b0b76b387f2bb9ebb5/contracts/crowdfund/ETHCrowdfundBase.sol#L256-L258

Vulnerability details

Impact

In the _initialize function of the ETHCrowdfundBase contract, when minTotalContributions is equal to maxTotalContributions, the crowdfund can never reach its minimum goal in some specific scenarios. The ETH of users who contributed to this crowdfund is locked in the contract, and they can only retrieve it by calling the refund function after the expiry time.

Proof of Concept

Suppose there is a new Party. During initialization, the value of minTotalContributions is set equal to maxTotalContributions. The specific parameters are assumed to be:

  minTotalContributions = 10 ETH
  maxTotalContributions = 10 ETH
  minContribution = 2 ETH
  maxContribution = 3 ETH
  expiry = 30 days

Now consider the following scenarios as examples:

  1. Three users have each contributed 3 ETH, so the current totalContributions = 9 ETH.
  2. Now suppose Alice tries to contribute ETH. Because maxTotalContributions = 10 ETH, she can contribute at most 1 ETH, but minContribution = 2 ETH, so Alice can never complete the contribution. This code segment will always revert:

    if (amount < minContribution_) {
        revert BelowMinimumContributionsError(amount, minContribution_);
    }

Code link: https://github.com/code-423n4/2023-10-party/blob/b23c65d62a20921c709582b0b76b387f2bb9ebb5/contracts/crowdfund/ETHCrowdfundBase.sol#L256-L258

Since this crowdfund can never reach 10 ETH, the 9 ETH of the first three users will be locked in the contract for 30 days. Even the host cannot manually call finalize to end this crowdfund.

Tools Used

Visual Studio Code, Foundry

Change the check on line 148 of the _initialize function of the ETHCrowdfundBase contract to use >= instead of >, as follows:

    if (opts.minTotalContributions >= opts.maxTotalContributions) {
        revert MinGreaterThanMaxError(opts.minTotalContributions, opts.maxTotalContributions);
    }
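To make the stranded-funds condition concrete, here is an added Python model of the scenario above. It is not the contract's code: the Crowdfund class, validate_totals, stuck and reproduce are hypothetical names, and the assumption that a contribution is capped to the remaining room before the minContribution check is taken from the report's description. The stuck predicate is written for the general case, so it also flags a crowdfund whose remaining room falls below minContribution when minTotalContributions is strictly less than maxTotalContributions.

```python
ETH = 10**18  # wei per ETH; the constructed scenario uses the report's figures


class MinGreaterThanMaxError(Exception):
    pass


class BelowMinimumContributionsError(Exception):
    pass


def validate_totals(min_total: int, max_total: int, fixed: bool = False) -> None:
    """_initialize check: fixed=False is the original `>`, fixed=True the `>=` the report proposes."""
    too_large = min_total >= max_total if fixed else min_total > max_total
    if too_large:
        raise MinGreaterThanMaxError(min_total, max_total)


class Crowdfund:
    """Hypothetical model of the contribution path the report describes (not the contract's code)."""

    def __init__(self, min_total, max_total, min_contribution, max_contribution, fixed=False):
        validate_totals(min_total, max_total, fixed)
        self.min_total, self.max_total = min_total, max_total
        self.min_contribution, self.max_contribution = min_contribution, max_contribution
        self.total = 0

    def contribute(self, amount: int) -> int:
        # Assumption: the amount is capped to the remaining room before the
        # minContribution check runs, which is what makes the last slot unfillable.
        amount = min(amount, self.max_total - self.total)
        if amount < self.min_contribution:
            raise BelowMinimumContributionsError(amount, self.min_contribution)
        if amount > self.max_contribution:
            raise ValueError("above maxContribution")
        self.total += amount
        return amount

    def stuck(self) -> bool:
        # Goal not yet reached, but the remaining room is smaller than any allowed contribution.
        room = self.max_total - self.total
        return self.total < self.min_total and 0 < room < self.min_contribution


def reproduce() -> bool:
    """Replay the report's scenario; returns True when the 9 ETH is stranded."""
    cf = Crowdfund(10 * ETH, 10 * ETH, 2 * ETH, 3 * ETH)
    for _ in range(3):
        cf.contribute(3 * ETH)  # three users, 9 ETH in total
    try:
        cf.contribute(3 * ETH)  # Alice: capped to 1 ETH, below the 2 ETH minimum
    except BelowMinimumContributionsError:
        pass
    return cf.stuck()
```

With fixed=True, constructing the same Crowdfund raises MinGreaterThanMaxError at initialization, which is the behaviour the recommended change produces.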

Assessed type

Other

#0 - c4-pre-sort

2023-11-11T08:33:16Z

ydspa marked the issue as duplicate of #552

#1 - c4-pre-sort

2023-11-11T08:33:21Z

ydspa marked the issue as insufficient quality report

#2 - c4-judge

2023-11-19T14:33:03Z

gzeon-c4 marked the issue as unsatisfactory: Invalid

#3 - c4-judge

2023-11-19T14:40:13Z

gzeon-c4 marked the issue as unsatisfactory: Out of scope

#4 - c4-judge

2023-11-23T14:16:10Z

gzeon-c4 marked the issue as unsatisfactory: Out of scope

#5 - c4-judge

2023-11-23T14:16:56Z

gzeon-c4 changed the severity to 2 (Med Risk)

#6 - c4-judge

2023-11-23T14:20:22Z

gzeon-c4 marked the issue as satisfactory
