code-423n4 / 2023-12-revolutionprotocol-findings


The NFT token on the auction balance will not participate in voting, but affects the quorum #662

Closed c4-bot-9 closed 10 months ago

c4-bot-9 commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L226-L229

https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/CultureIndex.sol#L234

Vulnerability details

Impact

Due to the fact that the token on the auction balance is counted in the total number of voting tokens, pieces created before the start of the auction will have a lower required quorum than pieces created after the start of the auction. Considering that the total number of active votes is the same, it will be mathematically more difficult for some pieces to overcome the quorum.

Proof of Concept

At the moment of creation of a new piece of art, the total number of minted tokens is saved.

        newPiece.totalVotesSupply = _calculateVoteWeight(
            erc20VotingToken.totalSupply(),
            erc721VotingToken.totalSupply()
        );

Based on the total number of issued tokens, the required quorum of votes for the piece is determined.

        newPiece.quorumVotes = (quorumVotesBPS * newPiece.totalVotesSupply) / 10_000;

But the NFT token that is on the auction balance will not be able to take part in the voting.

Tools Used

Manual review

Recommended Mitigation Steps

Consider subtracting the NFT token in the auction balance from the total number of tokens issued.

Assessed type

Governance
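The quorum arithmetic described in the report, modelled in Python as an added example (not code from the report or from the Revolution protocol). The shape of `_calculateVoteWeight`, the `nft_weight` and `nfts_in_auction` parameters, and all numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

BPS = 10_000  # basis-point denominator, as in the quoted quorumVotes line


def vote_weight(erc20_supply: int, erc721_supply: int, nft_weight: int) -> int:
    # Assumed shape of _calculateVoteWeight: ERC20 units plus a fixed weight per NFT.
    return erc20_supply + erc721_supply * nft_weight


@dataclass
class Snapshot:
    total_votes_supply: int  # value stored on the piece at creation
    quorum_votes: int        # threshold derived from it
    votable_supply: int      # weight that holders can actually cast

    def reachable(self) -> bool:
        return self.quorum_votes <= self.votable_supply

    def effective_bps(self) -> Optional[int]:
        # Share of castable weight needed to meet quorum, rounded up; None if nothing can vote.
        if self.votable_supply == 0:
            return None
        return -(-self.quorum_votes * BPS // self.votable_supply)


def snapshot(erc20_supply, erc721_supply, nfts_in_auction, quorum_bps,
             nft_weight, exclude_escrowed=False) -> Snapshot:
    # nfts_in_auction is a hypothetical input: NFTs held by the auction at piece creation.
    if not 0 <= nfts_in_auction <= erc721_supply:
        raise ValueError("escrowed NFTs must be between 0 and the ERC721 supply")
    votable = vote_weight(erc20_supply, erc721_supply - nfts_in_auction, nft_weight)
    counted = votable if exclude_escrowed else vote_weight(erc20_supply, erc721_supply, nft_weight)
    return Snapshot(counted, quorum_bps * counted // BPS, votable)


# Constructed numbers: 500 ERC20 votes, NFT weight 100, quorum 20% (2000 BPS).
before = snapshot(500, 4, 0, 2000, 100)   # piece created before the auction mints
during = snapshot(500, 5, 1, 2000, 100)   # piece created while 1 NFT sits in the auction
fixed = snapshot(500, 5, 1, 2000, 100, exclude_escrowed=True)  # recommended mitigation
only_nft = snapshot(0, 1, 1, 2000, 100)   # the only voting weight is escrowed
```

With the same castable weight, the piece created during the auction needs a larger share of active votes than the one created before it, and in the `only_nft` case the quorum cannot be met at all.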

c4-pre-sort commented 10 months ago

raymondfam marked the issue as sufficient quality report

c4-pre-sort commented 10 months ago

raymondfam marked the issue as duplicate of #16

c4-pre-sort commented 10 months ago

raymondfam marked the issue as not a duplicate

c4-pre-sort commented 10 months ago

raymondfam marked the issue as duplicate of #18

c4-judge commented 9 months ago

MarioPoneder marked the issue as duplicate of #409

c4-judge commented 9 months ago

MarioPoneder marked the issue as unsatisfactory: Insufficient quality

SovaSlava commented 9 months ago

Thanks for judging. This issue is not a duplicate of the "The quorumVotes can be bypassed" issue because it describes a different bug, which can't be solved by the mitigation steps from the "The quorumVotes can be bypassed" issue.

MarioPoneder commented 9 months ago

Thank you for your comment!

Agree, this is not a duplicate.

c4-judge commented 9 months ago

MarioPoneder marked the issue as not a duplicate