RFPSimpleStrategy: submitting proposal will always revert
Submitting proposal will always revert in case of useRegistryAnchor flag is true due to the check at the line L#362
Vulnerability Detail
There is a check which reverts when recipientAddress == address(0) at the line L#362 in the RFPSimpleStrategy._registerRecipient function. But the recipientAddress variable is always zero when useRegistryAnchor flag is true. So the _registerRecipient function will always revert and the contract functionality will be broken.
321 address recipientAddress;
326 // Decode '_data' depending on the 'useRegistryAnchor' flag
327 if (useRegistryAnchor) {
328 /// @custom:data when 'true' -> (address recipientId, uint256 proposalBid, Metadata metadata)
329 (recipientId, proposalBid, metadata) = abi.decode(_data, (address, uint256, Metadata));
330
331 // If the sender is not a profile member this will revert
332 if (!_isProfileMember(recipientId, _sender)) revert UNAUTHORIZED();
333 } else {
362 if (recipientAddress == address(0)) revert RECIPIENT_ERROR(recipientId);
Impact
Submitting proposal will always revert in case of useRegistryAnchor flag is true due to the check at the line L#362. The contract functionality will be broken.
pontifex
high
RFPSimpleStrategy: submitting proposal will always revert
Submitting proposal will always revert in case of
useRegistryAnchor
flag is true due to the check at the line L#362Vulnerability Detail
There is a check which reverts when
recipientAddress == address(0)
at the line L#362 in theRFPSimpleStrategy._registerRecipient
function. But therecipientAddress
variable is always zero whenuseRegistryAnchor
flag is true. So the_registerRecipient
function will always revert and the contract functionality will be broken.Impact
Submitting proposal will always revert in case of
useRegistryAnchor
flag is true due to the check at the line L#362. The contract functionality will be broken.Code Snippet
https://github.com/sherlock-audit/2023-09-Gitcoin/blob/6430c8004017e96ae2f5aac365bdefd0b6eeea72/allo-v2/contracts/strategies/rfp-simple/RFPSimpleStrategy.sol#L327-L362
Tool used
Manual Review
Recommendation
Consider adding a correct address to the
recipientAddress
variable if theuseRegistryAnchor
flag is true.Duplicate of #245