code-423n4 2023-05-party-findings issues

code-423n4 / 2023-05-party-findings

1 stars 1 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #23 [1686021624118]

#43 c4-judge opened 1 year ago
3
Upgraded Q -> 2 from #9 [1685982867794]

#42 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #17 [1685982856814]

#41 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #2 [1685675848966]

#39 c4-judge closed 1 year ago
5
Upgraded Q -> 2 from #20 [1685637254165]

#38 c4-judge closed 1 year ago
9
Upgraded Q -> 2 from #5 [1685528763875]

#37 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #11 [1685528549173]

#36 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #11 [1685528541946]

#35 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #20 [1685526689823]

#34 c4-judge closed 1 year ago
3
Upgraded Q -> 2 from #26 [1685524804490]

#33 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #26 [1685524775382]

#32 c4-judge closed 1 year ago
2
Gas Optimizations

#31 code423n4 opened 1 year ago
2
QA Report

#30 code423n4 opened 1 year ago
3
Rage quitting availability cannot be reliably guaranteed

#29 code423n4 closed 1 year ago
5
Governance NFT can be burned to DoS `accept()`

#28 code423n4 closed 1 year ago
6
Fairness should be denominated in `mintedVotingPower` rather than `totalVotingPower`

#27 code423n4 closed 1 year ago
8
QA Report

#26 code423n4 opened 1 year ago
2
`rageQuit()` burns without transferring when `totalVotingPower == 0`

#25 code423n4 closed 1 year ago
7
Host can bypass reentrancy guard in `rageQuit()`

#24 code423n4 closed 1 year ago
5
[M-01] `rageQuit()` cannot transfer ERC1155 fungible tokens

#23 code423n4 closed 1 year ago
16
Rage quitter loses his claimable share of distributed tokens

#22 code423n4 opened 1 year ago
9
Gas Optimizations

#21 code423n4 opened 1 year ago
3
QA Report

#20 code423n4 opened 1 year ago
3
Burning an NFT can be used to block voting

#19 code423n4 opened 1 year ago
5
Rage quit can also be used by party members to exit their position when they don't agree with proposals

#18 code423n4 opened 1 year ago
3
Ragequit can be frontrun by distribute call to cause losses to user who is ragequitting

#17 code423n4 closed 1 year ago
3
Rage quit modifications should be limited to provide stronger guarantees to party members

#16 code423n4 opened 1 year ago
5
PartyGovernanceNFT implementation constructor is allowed to receive ETH

#15 code423n4 opened 1 year ago
3
Tokens with multiple entry points can lead to loss of funds in `rageQuit()`

#14 code423n4 opened 1 year ago
8
Reentrancy guard in `rageQuit()` can be bypassed

#13 code423n4 opened 1 year ago
16
Users can bypass distributions fees by ragequitting instead of using a formal distribution

#12 code423n4 opened 1 year ago
5
QA Report

#11 code423n4 opened 1 year ago
4
Users wouldn't have time to call `rageQuit()` for unanimous votes.

#10 code423n4 closed 1 year ago
4
Users might lose funds after calling `rageQuit()` by malicious frontrunners.

#9 code423n4 closed 1 year ago
16
Possible overflow in `PartyGovernance._isUnanimousVotes()`

#8 code423n4 closed 1 year ago
7
Users can withdraw more funds if the party has tokens with multiple addresses.

#7 code423n4 closed 1 year ago
4
The distribution logic will be broken after calling `rageQuit()`

#6 code423n4 opened 1 year ago
5
QA Report

#5 code423n4 opened 1 year ago
4
Host can instantly set `rageQuitTimestamp` and prevent members from rage quitting

#4 code423n4 closed 1 year ago
3
accept() can be delayed or gas-griefed by burning a governance NFT

#3 code423n4 closed 1 year ago
3
Maxed totalVotingPower will lead to unanimous votes treated as VETOED

#2 code423n4 closed 1 year ago
9
Agreements & Disclosures

#1 code423n4 opened 1 year ago
0