code-423n4 / 2023-05-ajna-findings


Upgraded Q -> 2 from #467 [1684434787599] #505

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #467 as 2 risk. The relevant finding follows:

[L-03] Anyone can memorialize other users' position if the owner approves PositionManager

There isn't a check to ensure that the caller is the actual owner of the position, so anyone can memorialize a position if the original owner approves PositionManager.

Modify ajna-core/tests/forge/unit/PositionManager.t.sol with the following and the test will not fail:

File: ajna-core\tests\forge\unit\PositionManager.t.sol

File: ajna-grants/src/grants/base/StandardFunding.sol

```solidity
170: /**
171:  * @notice Get the block number at which this distribution period's challenge stage ends.
172:  * @param endBlock_ The end block of quarterly distribution to get the challenge stage end block for.
173:  * @return The block number at which this distribution period's challenge stage ends.
174:  */
175: function _getChallengeStageEndBlock(
176:     uint256 endBlock_
177: ) internal pure returns (uint256) {
178:     return endBlock_ + CHALLENGE_PERIOD_LENGTH;
179: }
180:
181: /**
182:  * @notice Get the block number at which this distribution period's screening stage ends.
183:  * @param endBlock_ The end block of quarterly distribution to get the screening stage end block for.
184:  * @return The block number at which this distribution period's screening stage ends.
185:  */
186: function _getScreeningStageEndBlock(
187:     uint256 endBlock_
188: ) internal pure returns (uint256) {
189:     return endBlock_ - FUNDING_PERIOD_LENGTH;
190: }
191:
192: /**
193:  * @notice Updates Treasury with surplus funds from distribution.
194:  * @dev    Counters incremented in an unchecked block due to being bounded by array length of at most 10.
195:  * @param distributionId_ distribution Id of updating distribution
196:  */
197: function _updateTreasury(
198:     uint24 distributionId_
199: ) private {
200:     bytes32 fundedSlateHash = _distributions[distributionId_].fundedSlateHash;
201:     uint256 fundsAvailable  = _distributions[distributionId_].fundsAvailable;
202:
203:     uint256[] memory fundingProposalIds = _fundedProposalSlates[fundedSlateHash];
204:
205:     uint256 totalTokensRequested;
206:     uint256 numFundedProposals = fundingProposalIds.length;
207:
208:     for (uint i = 0; i < numFundedProposals; ) {
209:         Proposal memory proposal = _standardFundingProposals[fundingProposalIds[i]];
210:
211:         totalTokensRequested += proposal.tokensRequested;
212:
213:         unchecked { ++i; }
214:     }
215:
216:     // readd non distributed tokens to the treasury
```

ajna-grants/src/grants/base/StandardFunding.sol#L170-L216
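The missing-ownership-check pattern the [L-03] finding above describes, as an added illustration that is not part of the issue and not Ajna's code: `PoolLike`, `PositionManagerLike` and every function and field in them are hypothetical stand-ins. The pool only verifies that the position owner approved the manager contract as an LP transferor, so the manager itself must verify who asked it to act.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;
// Hypothetical pool: LP per (lender, bucket index) plus the transferors a lender approved.
// Illustrative stand-in, not Ajna's Pool contract.
contract PoolLike {
    mapping(address => mapping(uint256 => uint256)) public lp;
    mapping(address => mapping(address => bool)) public approvedTransferor;
    function approveLPTransferor(address transferor_) external {
        approvedTransferor[msg.sender][transferor_] = true;
    }
    // Moves all of owner_'s LP at indexes_ to newOwner_. The only guard is that owner_
    // approved the calling contract; the pool cannot see who asked that contract to call.
    function transferLP(address owner_, address newOwner_, uint256[] calldata indexes_) external {
        require(approvedTransferor[owner_][msg.sender], "transferor not approved");
        for (uint256 i = 0; i < indexes_.length; ++i) {
            uint256 amount = lp[owner_][indexes_[i]];
            lp[owner_][indexes_[i]] = 0;
            lp[newOwner_][indexes_[i]] += amount;
        }
    }
}

// Hypothetical position NFT manager, not Ajna's PositionManager.
contract PositionManagerLike {
    mapping(uint256 => address) public ownerOf;
    mapping(uint256 => mapping(uint256 => uint256)) public positionLP;
    uint256 private _nextId = 1;
    function mint() external returns (uint256 tokenId_) {
        tokenId_ = _nextId++;
        ownerOf[tokenId_] = msg.sender;
    }
    // VULNERABLE shape: msg.sender is never compared with ownerOf[tokenId_], so once the
    // owner has approved this contract in the pool, any caller can trigger the LP move.
    function memorializePositionsUnchecked(PoolLike pool_, uint256 tokenId_, uint256[] calldata indexes_) external {
        _memorialize(pool_, tokenId_, indexes_);
    }
    // HARDENED: the caller must own the NFT the LP is being attached to.
    function memorializePositions(PoolLike pool_, uint256 tokenId_, uint256[] calldata indexes_) external {
        require(msg.sender == ownerOf[tokenId_], "caller is not the position owner");
        _memorialize(pool_, tokenId_, indexes_);
    }
    function _memorialize(PoolLike pool_, uint256 tokenId_, uint256[] calldata indexes_) internal {
        address owner = ownerOf[tokenId_];
        for (uint256 i = 0; i < indexes_.length; ++i) {
            positionLP[tokenId_][indexes_[i]] += pool_.lp(owner, indexes_[i]);
        }
        pool_.transferLP(owner, address(this), indexes_); // pool only checks owner approved this contract
    }
}
```

A unit test for the hardened function should call it from an address other than the NFT owner and assert the revert; the unchecked variant is kept only to show which line the check belongs on.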

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #356

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #488

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory

c4-judge commented 1 year ago

Picodes marked the issue as partial-50

c4-judge commented 1 year ago

Picodes changed the severity to 3 (High Risk)