The settledPrice may exceed maximumPrice #201
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
edited-by-warden
resolved: Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/crowdfund/BuyCrowdfundBase.sol#L122
Vulnerability details
Impact
BuyCrowdfundBase.sol _buy()
When callValue = 0, settledPrice is set to totalContributions, ignoring whether totalContributions > maximumPrice,
resulting in the minimum proportion that participants expected becoming smaller.
Proof of Concept
(AuctionCrowdfund.sol finalize() is similar)
Recommended Mitigation Steps
Add a check.
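A simplified model of the effect described in this finding, added here as an illustration; it is not code from the report or from the PartyDAO contracts. The in-order share accounting, treating maximumPrice == 0 as "no maximum", capping at maximumPrice as the form of the check, and the sample contributions are all assumptions.

```python
from fractions import Fraction


def settled_price(call_value, total_contributions, maximum_price, cap):
    """Price recorded for the purchase; call_value == 0 models a zero-cost buy."""
    price = total_contributions if call_value == 0 else call_value
    # Assumption: maximum_price == 0 means "no maximum is configured".
    if cap and maximum_price != 0 and price > maximum_price:
        price = maximum_price
    return price


def shares(contributions, price):
    """Assumed accounting: contributions are consumed in order until `price`
    is covered; a contributor's share is used / price, the rest is refunded."""
    if price == 0:
        return {who: Fraction(0) for who, _ in contributions}
    remaining, out = price, {}
    for who, amount in contributions:
        used = min(amount, remaining)
        remaining -= used
        out[who] = Fraction(used, price)
    return out


def demo():
    # Constructed sample: three contributors, maximumPrice of 10, callValue of 0.
    contributions = [("alice", 6), ("bob", 4), ("carol", 10)]
    total = sum(amount for _, amount in contributions)
    maximum_price = 10
    no_check = shares(contributions, settled_price(0, total, maximum_price, cap=False))
    with_check = shares(contributions, settled_price(0, total, maximum_price, cap=True))
    return no_check, with_check


if __name__ == "__main__":
    no_check, with_check = demo()
    for who in no_check:
        print(f"{who}: without check {no_check[who]}, with check {with_check[who]}")
```

In this model alice contributed 6 against a maximumPrice of 10, so she expects at least 6/10 of the result; without the check the settled price becomes 20 and her share falls to 3/10.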