Juicebox contest - SaharAP's results

The decentralized fundraising and treasury protocol.

General Information

Platform: Code4rena

Start Date: 18/10/2022

Pot Size: $50,000 USDC

Total HM: 13

Participants: 67

Period: 5 days

Judge: Picodes

Total Solo HM: 7

Id: 172

League: ETH

Juicebox

Findings Distribution

Researcher Performance

Rank: 51/67

Findings: 1

Award: $37.88

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JB721TieredGovernance.sol#L177

Vulnerability details

Impact

A user can lose their vote for a specific tier id by delegating it to the zero address.

Proof of Concept

In the setTierDelegate function, and in the _delegateTier function that it calls, the supplied delegate address is not validated. _delegateTier then stores that address in the _tierDelegation mapping for the given tier id. The _moveTierDelegateVotes function likewise does not revert when the new delegate address is zero.

Tools Used

Manual

Recommended Mitigation Steps

Check that the delegate address is not the zero address.
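The following contract is an added illustration of the sanity check the finding recommends; it is not the Juicebox JB721TieredGovernance code. The function names mirror the report (setTierDelegate, _delegateTier, _tierDelegation, _moveTierDelegateVotes), but the storage layout, the tierBalanceOf/tierVotesOf mappings, the ZeroDelegate error and the mintForExample helper are all constructed for this example and are not assumptions about the real contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

/// Hypothetical per-tier vote delegation showing the zero-address check
/// the finding recommends. Not the Juicebox contract; names are borrowed
/// from the report, the accounting is constructed for illustration.
contract TierDelegationExample {
    /// Constructed event so off-chain monitoring can track delegation changes.
    event TierDelegateChanged(
        address indexed delegator,
        uint256 indexed tierId,
        address indexed fromDelegate,
        address toDelegate
    );

    /// Hypothetical vote weight an account holds per tier (e.g. NFTs held).
    mapping(address => mapping(uint256 => uint256)) public tierBalanceOf;
    /// Hypothetical counterpart of the report's `_tierDelegation` mapping.
    mapping(address => mapping(uint256 => address)) private _tierDelegation;
    /// Hypothetical running total of votes delegated to an account per tier.
    mapping(address => mapping(uint256 => uint256)) public tierVotesOf;

    /// Constructed error returned when address(0) is supplied as delegate.
    error ZeroDelegate();

    /// Entry point a token holder calls to pick a delegate for one tier.
    function setTierDelegate(address delegatee, uint256 tierId) external {
        // The recommended sanity check: refuse address(0) so a holder cannot
        // park a tier vote on the zero address by mistake.
        if (delegatee == address(0)) revert ZeroDelegate();
        _delegateTier(msg.sender, delegatee, tierId);
    }

    /// Records the new delegate and moves the account's weight accordingly.
    function _delegateTier(address account, address delegatee, uint256 tierId) internal {
        address oldDelegate = _tierDelegation[account][tierId];
        _tierDelegation[account][tierId] = delegatee;
        emit TierDelegateChanged(account, tierId, oldDelegate, delegatee);
        _moveTierDelegateVotes(oldDelegate, delegatee, tierId, tierBalanceOf[account][tierId]);
    }

    /// Moves `amount` votes for `tierId` from one delegate to another.
    /// address(0) on either side means "no delegate" and is skipped.
    function _moveTierDelegateVotes(address from, address to, uint256 tierId, uint256 amount) internal {
        if (from == to || amount == 0) return;
        if (from != address(0)) tierVotesOf[from][tierId] -= amount;
        if (to != address(0)) tierVotesOf[to][tierId] += amount;
    }

    /// View helper so a caller can confirm which delegate is recorded.
    function tierDelegateOf(address account, uint256 tierId) external view returns (address) {
        return _tierDelegation[account][tierId];
    }

    /// Constructed helper for trying the example: give the caller vote
    /// weight in a tier and credit the current delegate, if any.
    function mintForExample(uint256 tierId, uint256 amount) external {
        tierBalanceOf[msg.sender][tierId] += amount;
        address delegatee = _tierDelegation[msg.sender][tierId];
        if (delegatee != address(0)) tierVotesOf[delegatee][tierId] += amount;
    }
}
```

With the check in place, a call such as `setTierDelegate(address(0), 1)` reverts with ZeroDelegate instead of being recorded; a holder who wants to stop delegating would need an explicit path for that (for example a separate function), which is a design decision the report leaves to the protocol team.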

#0 - drgorillamd

2022-10-24T08:19:48Z

This is not an issue, user can delegate votes at will (including delegating to another address later after delegating to address(0)), same as they can transfer to address(0) or vb.eth if they want.

#1 - csanuragjain

2022-10-24T11:45:25Z

@drgorillamd It won't be possible to delegate to another address after delegating to address 0. The reason being _moveTierDelegateVotes will only deduct votes and not increase them. I have given a detailed explanation at issue number 11. Can you please suggest?

#2 - drgorillamd

2022-10-24T11:55:48Z

@csanuragjain indeed, reopened 11 to give it another look, it kinda feels like a different issue tho

#3 - Picodes

2022-11-04T10:00:53Z

The warden has not shown why the user won't be able to delegate to another address after delegating to address(0). Downgrading to QA, as this issue only highlights a missing sanity check.

#4 - c4-judge

2022-11-07T18:13:06Z

Picodes changed the severity to QA (Quality Assurance)

#5 - c4-judge

2022-11-07T18:13:12Z

Picodes marked the issue as grade-b
