search

code-423n4 / 2023-12-revolutionprotocol-findings

3 stars 2 forks source link

If the NFT is because the auction is not met the `reservePrice` in `_settleAuction()` function, during the auction the totalSupply of erc721VotingToken is get in the quorumVotes, leading that the piece cannot be drpped #740

Closed c4-bot-9 closed 9 months ago

c4-bot-9 commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-12-revolutionprotocol/blob/main/packages/revolution/src/AuctionHouse.sol#L1

Vulnerability details

Impact

Detailed description of the impact of this finding.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

Recommended Mitigation Steps

Assessed type

Context

radeveth commented 10 months ago

Hey, I didn't have enough time to write an explanation for this issue, so I just submitted the title without any accompanying details. May I create a gist with a report on this issue and submit it here?

The core concept of this issue is that when a specific auction is initiated, a new NFT (referred to as 'verb') is minted. In the tests, the erc721VotingToken in the CultureIndex.sol contract is designated as VerbsToken. Consequently, the creation of an auction results in an increase in the totalSupply of the erc721VotingToken within the CultureIndex.sol contract. If the auction concludes unsuccessfully, the verb minted at the auction's start is burned. This leads to a situation where all pieces created during the auction cannot be dropped, as the quorumVotes for these pieces were calculated based on a higher totalSupply of the erc721VotingToken.

c4-pre-sort commented 10 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 10 months ago

raymondfam marked the issue as primary issue

c4-pre-sort commented 10 months ago

raymondfam marked the issue as duplicate of #18

raymondfam commented 10 months ago

The judge will decide on this.

c4-judge commented 9 months ago

MarioPoneder marked the issue as not a duplicate

MarioPoneder commented 9 months ago

Although I'd like to say yes, I absolutely cannot allow this.
I think everyone knows where this is going if any judge allows this even once on C4.

All the best and thanks for your understanding!

c4-judge commented 9 months ago

MarioPoneder marked the issue as unsatisfactory: Invalid