To avoid an overwhelming number of proposals, the slate of projects is filtered down to
10 projects during a screening stage. Voting power in the screening stage is based upon a
snapshot of an address' voting power 33 blocks prior to the screening stage’s start block,
where one token is equal to one vote. Votes can be split across an arbitrary number of
proposals, and voters can only vote once in the screening stage.
Lines of code
https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-grants/src/grants/base/StandardFunding.sol#L572-#L596
Vulnerability details
Impact
According to the docs, voters are supposed to be able to vote only once in the screening stage. No such logic is implemented.
Proof of Concept
According to the docs (Page 33, 9.2.1.4):
However, no such logic is implemented
Tools Used
Manual review
Recommended Mitigation Steps
Implement such logic
Assessed type
Error