Juicebox contest - RaoulSchaffranek's results

The decentralized fundraising and treasury protocol.

General Information

Platform: Code4rena

Start Date: 18/10/2022

Pot Size: $50,000 USDC

Total HM: 13

Participants: 67

Period: 5 days

Judge: Picodes

Total Solo HM: 7

Id: 172

League: ETH

Juicebox

Researcher Performance

Rank: 52/67

Findings: 1

Award: $37.88

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JB721TieredGovernance.sol#L287

Vulnerability details

Impact

The JB721TieredGovernance._moveTierDelegateVotes function emits a TierDelegateVotesChanged event with the wrong argument order. Events are used to communicate with the outside world - in particular, web3 uses events to obtain information from the blockchain to display on a website. The bug can affect the appearance of the Web3 front end. In the best case, the event is never used in the front end, and no harm is done. In the worst case, an attacker can exploit the situation to mislead users and convince them that he or somebody else holds a certain voting power.

Proof of Concept

https://github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JB721TieredGovernance.sol#L287

Tools Used

VSCode

Reorder the parameters to match the argument order of the TierDelegateVotesChanged definition.
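The class of bug described in the report, as an added example that is not part of the original submission or the Juicebox code base: when several event parameters share a type, a reordered emit compiles cleanly and only the logs are wrong. The contract, event layout and all names are hypothetical, and the regression test assumes Foundry's forge-std is available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "forge-std/Test.sol"; // assumption: Foundry is used for the regression test

// Hypothetical contract: names and event layout are illustrative, not the Juicebox source.
contract TierVotes {
    event TierVotesChanged(address indexed delegate, uint256 indexed tierId, uint256 previousVotes, uint256 newVotes);

    mapping(address => mapping(uint256 => uint256)) public votes;

    // Before: the three uint256 values are interchangeable to the compiler, so this
    // compiles even though oldVotes is logged as tierId, the new total as
    // previousVotes, and tierId as newVotes.
    function addVotesBuggy(address delegate, uint256 tierId, uint256 amount) external {
        uint256 oldVotes = votes[delegate][tierId];
        votes[delegate][tierId] = oldVotes + amount;
        emit TierVotesChanged(delegate, oldVotes, oldVotes + amount, tierId);
    }

    // After: named arguments bind each value to its parameter, so a positional
    // mix-up cannot slip in unnoticed.
    function addVotes(address delegate, uint256 tierId, uint256 amount) external {
        uint256 oldVotes = votes[delegate][tierId];
        votes[delegate][tierId] = oldVotes + amount;
        emit TierVotesChanged({delegate: delegate, tierId: tierId, previousVotes: oldVotes, newVotes: oldVotes + amount});
    }
}

contract TierVotesTest is Test {
    // Redeclared so the test can emit the expected log.
    event TierVotesChanged(address indexed delegate, uint256 indexed tierId, uint256 previousVotes, uint256 newVotes);

    TierVotes internal target = new TierVotes();

    // Passes for addVotes. Calling addVotesBuggy instead makes it fail, because the
    // emitted topics and data no longer match the expected log.
    function testEmitsArgumentsInDeclaredOrder() public {
        vm.expectEmit(true, true, false, true); // check topic 1 (delegate), topic 2 (tierId) and data
        emit TierVotesChanged(address(0xBEEF), 7, 0, 3);
        target.addVotes(address(0xBEEF), 7, 3);
    }
}
```

A test of this shape pins the log layout that off-chain consumers decode, which a balance-only test would not catch.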

#0 - drgorillamd

2022-10-24T10:41:42Z

Duplicate #93

#1 - c4-judge

2022-12-03T19:10:07Z

Picodes marked the issue as not a duplicate

#2 - c4-judge

2022-12-03T19:10:14Z

Picodes changed the severity to QA (Quality Assurance)

#3 - c4-judge

2022-12-03T19:10:23Z

Picodes marked the issue as grade-b
