The _qv_allocate function in QVBaseStrategy.sol, there is no logic to decrease the allocators voiceCredits which they are checked to have in the _allocate() function. This allows the voters to continue casting votes that they might not have by calling the function multiple times with their votes.
Vulnerability Detail
Voters can vote multiple times because their credits aren't updated.
// update the values
voteResult -= votesCastToRecipient;
totalRecipientVotes += voteResult;
_recipient.totalVotesReceived += voteResult;
_allocator.voiceCreditsCastToRecipient[_recipientId] += totalCredits;
_allocator.votesCastToRecipient[_recipientId] += voteResult;
// emit the event with the vote results
emit Allocated(_recipientId, voteResult, _sender);
}
Impact
The logic for _qv_allocate updates the values voteResult, totalRecipientVotes, _recipient.totalVotesReceived but doesn't decrease the allocator.voteCredits, meaning the balance of the allocator's voice credits remains the same.
foresthalberd
high
Voters can vote multiple times
The
_qv_allocate
function inQVBaseStrategy.sol
, there is no logic to decrease the allocatorsvoiceCredits
which they are checked to have in the_allocate()
function. This allows the voters to continue casting votes that they might not have by calling the function multiple times with their votes.Vulnerability Detail
Voters can vote multiple times because their credits aren't updated.
Impact
The logic for
_qv_allocate
updates the valuesvoteResult
,totalRecipientVotes
,_recipient.totalVotesReceived
but doesn't decrease theallocator.voteCredits
, meaning the balance of the allocator's voice credits remains the same.Code Snippet
https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/strategies/qv-base/QVBaseStrategy.sol#L525
Tool used
Manual Review
Recommendation
Update the allocator.voiceCredits by decreasing it by the
voiceCreditsToAllocate
before_qv_allocate
is called.