Platform: Code4rena
Start Date: 03/05/2023
Pot Size: $60,500 USDC
Total HM: 25
Participants: 114
Period: 8 days
Judge: Picodes
Total Solo HM: 6
Id: 234
League: ETH
Rank: 73/114
Findings: 2
Award: $54.07
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: hyh
Also found by: Jiamin, Juntao, aashar, bytes032, circlelooper, mrpathfindr
17.8317 USDC - $17.83
Proposals with 0 funding votes are allowd to be updated in slate.
Winning proposals from screening stage will be voted upon in funding stage, then in the following challenge period, user can submit proposalIds in slate, if the sum of funding votes received by the proposals is higher than that of the existing slate, the top slate will be update to the new slate, proposals in the top slate are expected to be executed. In StandardFunding.sol, _validateSlate() is used to check if the submitted proposals is valid and to calculate the sum of funding votes. However, it does not check if any of the proposal received 0 funding votes, so it's possible that even if a proposal gets no funding vote, it may still be updated in slate and be executed after challenge period.
if (proposal.fundingVotesReceived < 0) revert InvalidProposalSlate();
Manual Review
Proposals with 0 funding votes should not be updated in slate, please refer to the following fix:
if (proposal.fundingVotesReceived <= 0) revert InvalidProposalSlate();
Access Control
#0 - c4-judge
2023-05-18T16:04:15Z
Picodes marked the issue as duplicate of #465
#1 - c4-judge
2023-05-30T20:11:35Z
Picodes marked the issue as partial-25
#2 - Picodes
2023-05-30T20:11:57Z