merklejerk
commented
1 year ago Gatekeepers are out of scope and no assets would be at risk. However, this particular gatekeeper TokenGateKeeper is intended for casual use so we aren't concerned.
Closed code423n4 closed 1 year ago
merklejerk
commented
1 year ago Gatekeepers are out of scope and no assets would be at risk. However, this particular gatekeeper TokenGateKeeper is intended for casual use so we aren't concerned.
HardlyDifficult
commented
1 year ago Out of scope - closing as invalid.
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/crowdfund/Crowdfund.sol#L393 https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/gatekeepers/TokenGateKeeper.sol#L31-L38
Vulnerability details
Impact
Users, don't have a
Tokenforcontributionbut they can bypass this check easyProof of Concept
If the
Crowdfundis private by usingTokenGateKeeper.solThecontributorcancontributionand then send theNFTorERC20to another user address. So two users or more can send acontributionwith the sameTokenTO BYPASSisAllowed()Recommended Mitigation Steps
If it uses
NFTyou can track theids