code-423n4 / 2023-12-ethereumcreditguild-findings


`ERC20MultiVotes.sol` does not allow delegation to `multiple` addresses. #1221

Closed c4-bot-3 closed 9 months ago

c4-bot-3 commented 9 months ago

Lines of code

https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/tokens/ERC20MultiVotes.sol#L290-L315

Vulnerability details

According to this comment in `ERC20MultiVotes.sol`:

// @notice an ERC20 extension which allows delegations to multiple delegatees up to a user's balance on a given block.

This contract should allow delegations to multiple addresses, but in the `_delegate()` function the number of delegates is capped to be less than 2:

    function _delegate(
        address delegator,
        address newDelegatee
    ) internal virtual {
        uint256 count = delegateCount(delegator);

        // undefined behavior for delegateCount > 1
        require(count < 2, "ERC20MultiVotes: delegation error");

        address oldDelegatee;
        // if already delegated, undelegate first
        if (count == 1) {
            oldDelegatee = _delegates[delegator].at(0);
            _undelegate(
                delegator,
                oldDelegatee,
                _delegatesVotesCount[delegator][oldDelegatee]
            );
        }

        // redelegate only if newDelegatee is not empty
        if (newDelegatee != address(0)) {
            _incrementDelegation(delegator, newDelegatee, freeVotes(delegator));
        }
        emit DelegateChanged(delegator, oldDelegatee, newDelegatee);
    }

Impact

The contract does not do what it is expected to do, which is to allow delegation to multiple addresses.

Tools Used

Manual Review

Recommended Mitigation Steps

The cap in the `_delegate()` function should be removed and the function modified to allow users to delegate to multiple addresses.

Assessed type

Other
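A toy model of the bookkeeping performed by the `_delegate()` snippet quoted in the finding, added here for illustration; it is not the project's code, and the class, method names and balances (`MultiVotesModel`, `increment_delegation`, `alice` with 100 votes, and so on) are constructed. It lets you step through what the `count < 2` guard is protecting: on the `_delegate()` path each call undelegates the single existing delegatee and hands the whole free balance to the new one, so the count never reaches 2 on that path alone. If a two-delegatee state, reached through the increment/undelegate path, is fed to the same function with the guard disabled, the `count == 1` branch is skipped, nothing is undelegated, and the new delegatee receives only the leftover free votes while the existing delegatees keep theirs.

```python
"""Toy model of the delegation bookkeeping in the quoted _delegate() snippet.
Constructed for illustration only: it is not the project's code and omits
transfers, checkpoints and events."""
from dataclasses import dataclass, field
from typing import Dict, Optional


class DelegationError(Exception):
    """Stands in for the Solidity revert 'ERC20MultiVotes: delegation error'."""


@dataclass
class MultiVotesModel:
    # constructed balances per account; no transfers are modelled
    balances: Dict[str, int] = field(default_factory=dict)
    # delegator -> {delegatee: votes}; plays the role of _delegates plus
    # _delegatesVotesCount (dict insertion order stands in for EnumerableSet.at(0))
    delegated: Dict[str, Dict[str, int]] = field(default_factory=dict)

    def delegate_count(self, delegator: str) -> int:
        return len(self.delegated.get(delegator, {}))

    def free_votes(self, delegator: str) -> int:
        # votes in the balance not yet assigned to any delegatee
        used = sum(self.delegated.get(delegator, {}).values())
        return self.balances.get(delegator, 0) - used

    def increment_delegation(self, delegator: str, delegatee: str, amount: int) -> None:
        # multi-delegatee path: any amount up to the free votes may be assigned
        if amount > self.free_votes(delegator):
            raise DelegationError("not enough free votes")
        votes = self.delegated.setdefault(delegator, {})
        votes[delegatee] = votes.get(delegatee, 0) + amount

    def undelegate(self, delegator: str, delegatee: str, amount: int) -> None:
        votes = self.delegated[delegator]
        if votes.get(delegatee, 0) < amount:
            raise DelegationError("undelegating more than delegated")
        votes[delegatee] -= amount
        if votes[delegatee] == 0:
            del votes[delegatee]

    def delegate(self, delegator: str, new_delegatee: Optional[str], guard: bool = True) -> None:
        """Mirror of _delegate(): the single-delegatee path. guard=False disables
        the count < 2 check so its effect can be observed in the model."""
        count = self.delegate_count(delegator)
        if guard and count >= 2:
            raise DelegationError("ERC20MultiVotes: delegation error")
        if count == 1:  # if already delegated, undelegate first
            old = next(iter(self.delegated[delegator]))
            self.undelegate(delegator, old, self.delegated[delegator][old])
        if new_delegatee is not None:  # redelegate only if newDelegatee is not empty
            self.increment_delegation(delegator, new_delegatee, self.free_votes(delegator))


def single_path_moves_whole_balance() -> Dict[str, int]:
    """Two _delegate() calls in a row: each leaves exactly one delegatee holding
    the whole balance, so delegate_count never reaches 2 on this path."""
    m = MultiVotesModel(balances={"alice": 100})
    m.delegate("alice", "bob")
    m.delegate("alice", "carol")
    return dict(m.delegated["alice"])  # {'carol': 100}


def two_delegatees_then_delegate(guard: bool) -> Dict[str, int]:
    """Reach delegate_count == 2 via the multi-delegatee path, then call
    _delegate(). With the guard this reverts; without it the count == 1 branch
    is skipped, nothing is undelegated, and dave only gets the 10 free votes."""
    m = MultiVotesModel(balances={"alice": 100})
    m.increment_delegation("alice", "bob", 60)
    m.increment_delegation("alice", "carol", 30)
    m.delegate("alice", "dave", guard=guard)
    return dict(m.delegated["alice"])  # guard=False: {'bob': 60, 'carol': 30, 'dave': 10}


def guard_reverts_on_two_delegatees() -> bool:
    """True when the guarded call raises, as the Solidity require() would revert."""
    try:
        two_delegatees_then_delegate(guard=True)
    except DelegationError:
        return True
    return False


if __name__ == "__main__":
    print(single_path_moves_whole_balance())
    print(guard_reverts_on_two_delegatees())
    print(two_delegatees_then_delegate(guard=False))
```

The two helper scenarios are the interesting ones to compare: the unguarded run shows the state the `// undefined behavior for delegateCount > 1` comment refers to, where the caller asked to redelegate to `dave` but the existing delegations to `bob` and `carol` remain untouched.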

c4-pre-sort commented 9 months ago

0xSorryNotSorry marked the issue as insufficient quality report

c4-pre-sort commented 9 months ago

0xSorryNotSorry marked the issue as remove high or low quality report

c4-pre-sort commented 9 months ago

0xSorryNotSorry marked the issue as sufficient quality report

c4-pre-sort commented 9 months ago

0xSorryNotSorry marked the issue as duplicate of #1195

c4-judge commented 8 months ago

Trumpero marked the issue as unsatisfactory: Invalid