User Registration Failure When useRegistryAnchor is Enabled
The RFPSimpleStrategy contract exhibits a critical flaw in user registration when the useRegistryAnchor flag is set to true, making it impossible for users to register as recipients.
Vulnerability Detail
In RFPSimpleStrategy contract, when a user register as a recipient, it call the function _registerRecipient.
Within the _registerRecipient function in the RFPSimpleStrategy contract, a conditional statement exists to evaluate whether the useRegistryAnchor flag is active.
if (useRegistryAnchor) {
/// @custom:data when 'true' -> (address recipientId, uint256 proposalBid, Metadata metadata)
(recipientId, proposalBid, metadata) = abi.decode(_data, (address, uint256, Metadata));
// If the sender is not a profile member this will revert
if (!_isProfileMember(recipientId, _sender)) revert UNAUTHORIZED();
The function neglects to assign a value to recipientAddress. This omission leads to a later part of the function which checks for a zero address and reverts the transaction if found.
// If the recipient address is the zero address this will revert
if (recipientAddress == address(0)) revert RECIPIENT_ERROR(recipientId);
This flaw disrupts the fundamental utility of the contract. It prevents users from successfully registering as recipients when the useRegistryAnchor flag is active, effectively breaking this feature.
ast3ros
medium
User Registration Failure When useRegistryAnchor is Enabled
The RFPSimpleStrategy contract exhibits a critical flaw in user registration when the
useRegistryAnchorflag is set totrue, making it impossible for users to register as recipients.Vulnerability Detail
In
RFPSimpleStrategycontract, when a user register as a recipient, it call the function_registerRecipient.https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/strategies/rfp-simple/RFPSimpleStrategy.sol#L314-L380
Within the
_registerRecipientfunction in theRFPSimpleStrategycontract, a conditional statement exists to evaluate whether theuseRegistryAnchorflag is active.https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/strategies/rfp-simple/RFPSimpleStrategy.sol#L327-L332
The function neglects to assign a value to
recipientAddress. This omission leads to a later part of the function which checks for a zero address and reverts the transaction if found.https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/strategies/rfp-simple/RFPSimpleStrategy.sol#L362
Impact
This flaw disrupts the fundamental utility of the contract. It prevents users from successfully registering as recipients when the
useRegistryAnchorflag is active, effectively breaking this feature.Code Snippet
https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/strategies/rfp-simple/RFPSimpleStrategy.sol#L327-L332 https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/strategies/rfp-simple/RFPSimpleStrategy.sol#L362
Tool used
Manual Review
Recommendation
Assign the recipientAddress to the address of recipientId or another address.
Duplicate of #245