search

code-423n4 / 2023-05-party-findings

1 stars 1 forks source link

Rage quit modifications should be limited to provide stronger guarantees to party members #16

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-party/blob/main/contracts/party/PartyGovernanceNFT.sol#L270

Vulnerability details

Rage quit modifications should be limited to provide stronger guarantees to party members

Party hosts can arbitrarily change the rage quit settings overriding any existing preset.

Impact

Rage quit is implemented in the PartyGovernanceNFT contract by using a timestamp. Leaving aside the cases of permanent settings (which, of course, cannot be changed) this implementation allows a more flexible feature than a simple enable/disable toggle. The timestamp represents the time until rage quit is allowed, if the timestamp is still in the future then rage quit is enabled, if it is in the past, the feature is disabled.

This setting can be changed at will by party hosts. At any moment and without any restriction (other than the permanent enabled or disabled, which cannot be modified), the party host is allowed to change the value to any arbitrary date. This means that an already scheduled setting that would allow rage quit until a certain future date, can be simply overridden and changed by the party host.

A party member can feel secure knowing it has the option to rage quit until the defined timestamp in rageQuitTimestamp. However any party host can arbitrarily reduce or completely disable the feature, ignoring any preset.

This is particularly concerning as it defeats the purpose of having a programmable expire date of the rage quit feature. The allowed modifications should ensure members are covered at least until the agreed timestamp (i.e. extend it or leave it as it is to disable rage quit the moment the timestamp expires), or provide better guarantees against arbitrary changes.

Recommendation

Here are some alternatives that should be taken as ideas to be used individually or in some combination:

  1. Ensure rage quit cannot be disabled at least until the current defined timestamp.
  2. Rage quit can only be reduced by a certain amount of time (for example, a percentage of remaining time).
  3. Rage quit can only be changed once per period of time.
  4. If rage quit is currently enabled, then ensure timestamp is not decreased below the latest proposal execution time.

Assessed type

Other

0xble commented 1 year ago

This is a duplicate of #29, although I think this report is higher quality

c4-judge commented 1 year ago

thereksfour marked the issue as primary issue

c4-judge commented 1 year ago

thereksfour marked the issue as satisfactory

c4-sponsor commented 1 year ago

0xble marked the issue as sponsor acknowledged

c4-judge commented 1 year ago

thereksfour marked the issue as selected for report