code-423n4 / 2023-05-ajna-findings


Voters are supposed to be able to vote only once in the screening stage but no such logic is implemented #363

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-grants/src/grants/base/StandardFunding.sol#L572-#L596

Vulnerability details

Impact

According to the docs, voters are supposed to be able to vote only once in the screening stage. No such logic is implemented.

Proof of Concept

According to the docs (Page 33, 9.2.1.4):

  1. To avoid an overwhelming number of proposals, the slate of projects is filtered down to 10 projects during a screening stage. Voting power in the screening stage is based upon a snapshot of an address' voting power 33 blocks prior to the screening stage’s start block, where one token is equal to one vote. Votes can be split across an arbitrary number of proposals, and voters can only vote once in the screening stage.

However, no such logic is implemented.

Tools Used

Manual review

Recommended Mitigation Steps

Implement such logic.

Assessed type

Error

Picodes commented 1 year ago

https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-grants/src/grants/base/StandardFunding.sol#L706

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid