code-423n4 / 2023-05-ajna-findings


There can be a maximum of 11 proposals #457

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-grants/src/grants/base/ExtraordinaryFunding.sol#L105

Vulnerability details

Impact

Overflow

Proof of Concept

The proposeExtraordinary function requires that the result of the _getMinimumThresholdPercentage function be less than or equal to 10**18. The maximum length of the _fundedExtraordinaryProposals array is 10, but there is no restriction on its length in the contract.

Tools Used

vsCode

Recommended Mitigation Steps

Change the function _getMinimumThresholdPercentage to:

    function _getMinimumThresholdPercentage() internal view returns (uint256) {
        //@audit cache the array length once and bound it below
        uint256 len = _fundedExtraordinaryProposals.length;
        // default minimum threshold is 50%
        if (len == 0) {
            return 0.5 * 1e18;
        }
        // minimum threshold increases by 5% for each funded EFM proposal
        else {
            require(len < 11, "Maximum number of funded EFM proposals reached");
            return 0.5 * 1e18 + (len * (0.05 * 1e18));
        }
    }

Assessed type

Under/Overflow
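As an added example (not code from this finding or from the Ajna repository), the following Python model reproduces the threshold arithmetic the finding discusses in 18-decimal fixed point, so a reviewer can check exactly where the 1e18 bound binds and how far away a uint256 wrap would be. The function and constant names are my own; the proposeExtraordinary check is modelled only as the "threshold <= 1e18" condition the finding states, and Solidity 0.8 checked arithmetic is assumed for the overflow bound.

```python
# Added example: model of the ExtraordinaryFunding minimum-threshold formula
# (0.5e18 + n * 0.05e18) in 18-decimal fixed point. Names are hypothetical.

WAD = 10**18                  # 1.0 in 18-decimal fixed point
BASE_THRESHOLD = WAD // 2     # 0.5 * 1e18
STEP = WAD // 20              # 0.05 * 1e18 per funded proposal
UINT256_MAX = 2**256 - 1


def minimum_threshold_percentage(funded_count: int) -> int:
    """Mirror of _getMinimumThresholdPercentage as the finding quotes it."""
    if funded_count == 0:
        return BASE_THRESHOLD
    return BASE_THRESHOLD + funded_count * STEP


def threshold_within_bound(funded_count: int) -> bool:
    """The proposeExtraordinary condition described in the finding: threshold <= 1e18."""
    return minimum_threshold_percentage(funded_count) <= WAD


def max_funded_count_within_bound() -> int:
    """Largest funded-proposal count at which a new proposal still passes the bound."""
    n = 0
    while threshold_within_bound(n + 1):
        n += 1
    return n


def funded_count_for_uint256_overflow() -> int:
    """Smallest count at which 0.5e18 + n * 0.05e18 exceeds uint256 max.

    Under Solidity 0.8 checked arithmetic the addition would revert at this
    count rather than wrap; the value shows how far that is from 11.
    """
    return (UINT256_MAX - BASE_THRESHOLD) // STEP + 1


def threshold_table(max_count: int) -> list:
    """(count, threshold, within_bound) rows for counts 0..max_count."""
    return [
        (n, minimum_threshold_percentage(n), threshold_within_bound(n))
        for n in range(max_count + 1)
    ]


if __name__ == "__main__":
    for n, t, ok in threshold_table(12):
        print(f"funded={n:2d} threshold={t / WAD:.2f} within_bound={ok}")
    print("max funded count within bound:", max_funded_count_within_bound())
    print("funded count needed for uint256 overflow:", funded_count_for_uint256_overflow())
```

Running it shows the threshold reaching exactly 1.00 at ten funded proposals and 1.05 at eleven, i.e. the 1e18 condition already rejects proposals past the tenth funded one, while the count needed to exceed uint256 is on the order of 10**60.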

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #456

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid