allocator.voiceCredits is never increased. So the check at the line L#121 does not work correctly and the _sender can use an unlimited amount of credits.
Vulnerability Detail
The QVSimpleStrategy._allocate function checks if the _sender has voice credits left at the line L#121. The max amount of credits is limited by maxVoiceCreditsPerAllocator value. But the allocator.voiceCredits is never increased. So the _sender can call the function many times with voiceCreditsToAllocate <= maxVoiceCreditsPerAllocator.
QVSimpleStrategy._allocate:
pontifex
high
QVSimpleStrategy: unlimited voting is possible
allocator.voiceCredits
is never increased. So the check at the line L#121 does not work correctly and the_sender
can use an unlimited amount of credits.Vulnerability Detail
The
QVSimpleStrategy._allocate
function checks if the_sender
has voice credits left at the line L#121. The max amount of credits is limited bymaxVoiceCreditsPerAllocator
value. But theallocator.voiceCredits
is never increased. So the_sender
can call the function many times withvoiceCreditsToAllocate <= maxVoiceCreditsPerAllocator
.QVSimpleStrategy._allocate
:QVSimpleStrategy._hasVoiceCreditsLeft
:Impact
It is possible to use an unlimited amount of credits for voting, but should not be.
Code Snippet
https://github.com/sherlock-audit/2023-09-Gitcoin/blob/6430c8004017e96ae2f5aac365bdefd0b6eeea72/allo-v2/contracts/strategies/qv-simple/QVSimpleStrategy.sol#L107-L124 https://github.com/sherlock-audit/2023-09-Gitcoin/blob/6430c8004017e96ae2f5aac365bdefd0b6eeea72/allo-v2/contracts/strategies/qv-simple/QVSimpleStrategy.sol#L144-L151
Tool used
Manual Review
Recommendation
Consider increasing
allocator.voiceCredits
after the check at the line L#121.Duplicate of #150