Open hats-bug-reporter[bot] opened 6 months ago
Thank you for the submission.
Although this submission is not very detailed and it was really hard for me to understand what it was about, as there are confusing definitions of gauge, bribe, and balance in gauge, when testing, the example attack showed that the user removes his vote from a small NFT after a large NFT; as a result, although the vote is removed in Voter, the user's balance in Bribe (internal/external) of the large NFT will remain.
This leads to the fact that the user, without having real votes in the bribe, has fake ones that have not been deleted, which will allow him to receive a reward from the bribe, not all, but a certain significant amount: https://github.com/Satsyxbt/Fenix/blob/7b81d318fd9ef6107a528b6bd49bb9383e1b52ab/contracts/bribes/BribeUpgradeable.sol#L250
Since this is a way of taking unlawful benefits from other users with a path without additional conditions - high.
This code comes from the OOS section, but because of the criticality it is in scope.
Github username: @deadrosesxyz
Twitter username: @deadrosesxyz
Submission hash (on-chain): 0x582d7050f2de893699c434f390798690c49a7e486b6c4f73d7cb4350370b2a7f
Severity: high
Description:
Description
Adversary can steal all bribe rewards. I have previously reported the issue to Retro, Thena and Chronos, so description is copied
Attack Scenario
So here's the attack path:
In the end, the user has not voted with any of the NFTs. Despite this, the user has a balance in all gauges. The user can then send the high-value NFT to his other wallet, where he has such low-value NFTs set from last week and repeat this attack endlessly. In the end, the user can have an arbitrarily high balance in all bribes, therefore getting all of the rewards for themselves. Furthermore, since the balance will be spread out across multiple wallets and none of them will have a suspiciously high balance, this could go unnoticed for a long time.
Impact
Adversary can steal all rewards allocated for the upcoming week. Under some conditions and assumptions, this could potentially remain unnoticed for a prolonged time frame.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)