when you buy a new VotingPower. You need to undelegated them before the next proposal
Proof of Concept
-When Alice sell his NFT by calling transferFrom() on PartyGovernanceNFT.sol. it will be set for the delegating to the previous delegator. but he actually doesn't have any VotingPower
-But is Alice decide after some time to buy some VotingPower
the VotingPower will go to the previous delegator
Alice needs to undelegated their NFT to get all new VotingPower
Recommended Mitigation Steps
undelegated automatically when someone sells their VotingPower
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L911
Vulnerability details
Impact
when you buy a new
VotingPower
. You need to undelegated them before the next proposalProof of Concept
-When Alice sell his
NFT
by callingtransferFrom()
onPartyGovernanceNFT.sol
. it will be set for the delegating to the previous delegator. but he actually doesn't have anyVotingPower
-But isAlice
decide after some time to buy someVotingPower
VotingPower
will go to the previous delegatorNFT
to get all newVotingPower
Recommended Mitigation Steps
undelegated automatically when someone sells their
VotingPower