A malicious contributor can block the transition to governance #183
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate: This issue or pull request already exists
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/utils/LibAddress.sol#L13
Vulnerability details
Impact
Full voting power cannot be transferred to a party if one of the contributors cannot receive a refund after a crowdfund is over. A malicious contract that cannot receive ETH (i.e. it doesn't implement the receive function) can become a contributor and block the transition to governance.
Proof of Concept
The root cause is that the transferEth function in the LibAddress library can fail when sending ETH. Even though contributors need to pass a gatekeeper, there's still a chance that a malicious contract is allowed to contribute. For example, TokenGateKeeper doesn't check whether a contributor is a contract.
Recommended Mitigation Steps
Two possible solutions can be recommended:
how Nouns DAO does it, for example. This will incur extra cost on token burners because they'll have to pay for WETH wrapping and transferring when ETH transferring has failed.
instead: in the burn function, keep track of the amounts to be refunded but don't transfer them – let contributors claim them later on.
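The second option above, sketched as an added example that is not code from the report or from PartyDAO: the burn step only records what is owed, and each contributor withdraws it in a separate call. The contract name, storage layout, events and the simplification that the whole contribution is refundable are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration (hypothetical contract, not PartyDAO code): refunds are
// recorded during burn and withdrawn later, so a recipient that rejects ETH
// can only block its own refund, never the burn itself.
contract PullRefundSketch {
    mapping(address => uint256) public contributed;   // assumed bookkeeping
    mapping(address => uint256) public pendingRefund; // owed but not yet claimed
    uint256 public immutable deadline;

    event RefundRecorded(address indexed contributor, uint256 amount);
    event RefundClaimed(address indexed contributor, address indexed to, uint256 amount);

    constructor(uint256 duration) {
        deadline = block.timestamp + duration;
    }

    function contribute() external payable {
        require(block.timestamp < deadline, "crowdfund over");
        contributed[msg.sender] += msg.value;
    }

    // Stand-in for the burn step. No ETH leaves the contract here, so the
    // contributor's code is never invoked and cannot make this call revert.
    function burn(address contributor) external {
        require(block.timestamp >= deadline, "crowdfund active");
        uint256 amount = contributed[contributor];
        contributed[contributor] = 0;
        pendingRefund[contributor] += amount; // voting power would be minted here
        emit RefundRecorded(contributor, amount);
    }

    // Pull step: only the contributor can trigger its own payout, and a failed
    // transfer reverts nothing but this claim.
    function claimRefund(address payable to) external {
        uint256 amount = pendingRefund[msg.sender];
        require(amount != 0, "nothing to claim");
        pendingRefund[msg.sender] = 0; // effects before the external call
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "refund transfer failed");
        emit RefundClaimed(msg.sender, to, amount);
    }
}
```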