search

sherlock-audit / 2023-09-Gitcoin-judging

11 stars 7 forks source link

pontifex - RFPSimpleStrategy: submitting proposal will always revert #940

Closed sherlock-admin closed 11 months ago

sherlock-admin commented 11 months ago

pontifex

high

RFPSimpleStrategy: submitting proposal will always revert

Submitting proposal will always revert in case of useRegistryAnchor flag is true due to the check at the line L#362

Vulnerability Detail

There is a check which reverts when recipientAddress == address(0) at the line L#362 in the RFPSimpleStrategy._registerRecipient function. But the recipientAddress variable is always zero when useRegistryAnchor flag is true. So the _registerRecipient function will always revert and the contract functionality will be broken.

321        address recipientAddress;

326        // Decode '_data' depending on the 'useRegistryAnchor' flag
327        if (useRegistryAnchor) {
328            /// @custom:data when 'true' -> (address recipientId, uint256 proposalBid, Metadata metadata)
329            (recipientId, proposalBid, metadata) = abi.decode(_data, (address, uint256, Metadata));
330
331            // If the sender is not a profile member this will revert
332            if (!_isProfileMember(recipientId, _sender)) revert UNAUTHORIZED();
333        } else {

362        if (recipientAddress == address(0)) revert RECIPIENT_ERROR(recipientId);

Impact

Submitting proposal will always revert in case of useRegistryAnchor flag is true due to the check at the line L#362. The contract functionality will be broken.

Code Snippet

https://github.com/sherlock-audit/2023-09-Gitcoin/blob/6430c8004017e96ae2f5aac365bdefd0b6eeea72/allo-v2/contracts/strategies/rfp-simple/RFPSimpleStrategy.sol#L327-L362

Tool used

Manual Review

Recommendation

Consider adding a correct address to the recipientAddress variable if the useRegistryAnchor flag is true.

Duplicate of #245