Skip to content
This repository has been archived by the owner on Jun 2, 2024. It is now read-only.

saian - Token.sol : Function updateFounders does not clear the correct base id #157

Closed
sherlock-admin2 opened this issue Dec 1, 2023 · 0 comments
Closed

saian - Token.sol : Function updateFounders does not clear the correct base id #157

sherlock-admin2 opened this issue Dec 1, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Dec 1, 2023
edited by sherlock-admin
Loading

saian

medium

Token.sol : Function updateFounders does not clear the correct base id

Summary

Difference in first base id in function _addFounders and updateFounders will result in function updateFounders not clearing the correct base id

Vulnerability Detail

baseTokenId calculation is different in the functions as baseTokenId starts from reserveUntilTokenId in _addFounders and 0 in updateFounders. So old founders will not be removed from tokenRecipient mapping and will receive tokens if the vesting period is not over

Impact

Old founders will not be removed from the tokenRecipient mapping and will recieve tokens if the vesting period is not completed

Code Snippet

https://github.com/sherlock-audit/2023-09-nounsbuilder/blob/main/nouns-protocol/src/token/Token.sol#L375

        uint256 baseTokenId;

        for (uint256 j; j < cachedFounder.ownershipPct; ++j) {
            // Get the next index that hasn't already been cleared
            while (clearedTokenIds[baseTokenId] != false) {
                baseTokenId = (++baseTokenId) % 100;
            }

            delete tokenRecipient[baseTokenId];
            clearedTokenIds[baseTokenId] = true;

            emit MintUnscheduled(baseTokenId, i, cachedFounder);

            // Update the base token id
            baseTokenId = (baseTokenId + schedule) % 100;
        }
    }

Tool used

Manual Review

Recommendation

Change the first base token id in _addFounders to

    uint256 baseTokenId = 0;

Duplicate of #42
@github-actions github-actions bot closed this as completed Dec 6, 2023
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Dec 6, 2023
@sherlock-admin sherlock-admin changed the title Lucky Clear Dragonfly - Token.sol : Function updateFounders does not clear the correct base id saian - Token.sol : Function updateFounders does not clear the correct base id Dec 13, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Dec 13, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin @sherlock-admin2