Platform: Code4rena
Start Date: 21/04/2022
Pot Size: $75,000 USDC
Total HM: 7
Participants: 45
Period: 7 days
Judge: 0xean
Total Solo HM: 5
Id: 111
League: ETH
Rank: 32/45
Findings: 1
Award: $147.76
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0xDjango, 0xmint, CertoraInc, Dravee, MaratCerby, Ruhum, VAD37, catchup, csanuragjain, defsec, delfin454000, dipp, fatima_naz, gzeon, hake, hyh, joestakey, kebabsec, oyc_109, rayn, robee, samruna, simon135, sorrynotsorry, teryanarmen
147.7629 USDC - $147.76
newMax and oldMax values in setMaxDelegates function of ERC20MultiVotes.solIn the setMaxDelegates function for ERC20MultiVotes.sol, if newMax is less than oldMax there might be some accounts with more delegates than what the new maxDelegates value allows.
Adding the condition newMax >= oldMax would fix this issue.
canContractExceedMaxDelegates to false in setContractExceedMaxDelegates function of ERC20MultiVotes.solIf the canExceedMax argument is set to false, the function canContractExceedMaxDelegates will revert not allowing an authorized admin to revoke the ability for an account to exceed the max delegates allowed.
Removing the canExceedMax from the condition in the function should allow canContractExceedMaxDelegates to be set to false.
#0 - Joeysantoro
2022-05-13T01:13:01Z
N02 won't revert if false. https://github.com/fei-protocol/flywheel-v2/blob/main/src/token/ERC20MultiVotes.sol#L123 can only revert if the arg is true