Skip to content
This repository has been archived by the owner on Jun 2, 2024. It is now read-only.

pontifex - Incorrect vesting allocations clearing when the list of allocations updating #286

Closed
sherlock-admin opened this issue Dec 1, 2023 · 0 comments
Closed

pontifex - Incorrect vesting allocations clearing when the list of allocations updating #286

sherlock-admin opened this issue Dec 1, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Dec 1, 2023
edited by sherlock-admin2
Loading

pontifex

high

Incorrect vesting allocations clearing when the list of allocations updating

Summary

The difference in start value of the baseTokenId at the Token.updateFounders and Token._addFounders functions can lead to incorrect allocation clearing.

Vulnerability Detail

The Token.updateFounders updates the list of allocation owners by clearing the previous allocations before adding new.
The function reverse engineers the indices the founder has reserved tokens in. But the initial value for the baseTokenId is always 0 while during the allocation itself the baseTokenId depends on the reservedUntilTokenId variable.

160                // Used to store the base token id the founder will recieve
161                uint256 baseTokenId = reservedUntilTokenId;
...
411                // Used to reverse engineer the indices the founder has reserved tokens in.
412                uint256 baseTokenId;

Thus the difference in start value can lead to incorrect indices calculation.

Impact

Some allocations may not be cleared and addresses from the previous list of allocations will receive an excess amount of tokens.

Code Snippet

https://github.com/sherlock-audit/2023-09-nounsbuilder/blob/db232c649b425c36f5a93607c95cfdf0e5962b2f/nouns-protocol/src/token/Token.sol#L411-L412

Tool used

Manual Review

Recommendation

Consider using reservedUntilTokenId as a start value of baseTokenId.

Duplicate of #42
@github-actions github-actions bot closed this as completed Dec 6, 2023
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Dec 6, 2023
@sherlock-admin2 sherlock-admin2 changed the title Mammoth Aqua Worm - Incorrect vesting allocations clearing when the list of allocations updating pontifex - Incorrect vesting allocations clearing when the list of allocations updating Dec 13, 2023
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label Dec 13, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin @sherlock-admin2