Skip to content
This repository has been archived by the owner on Jun 2, 2024. It is now read-only.

0xReiAyanami - Malfunction in updateFounders #295

Closed
sherlock-admin2 opened this issue Dec 1, 2023 · 0 comments
Closed

0xReiAyanami - Malfunction in updateFounders #295

sherlock-admin2 opened this issue Dec 1, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Dec 1, 2023

0xReiAyanami

high

Malfunction in updateFounders

Summary

updateFounders in Token.sol is not respecting the reserveUntilTokenId, which leads to a wrong cleanup of baseTokenIds.

Vulnerability Detail

In updateFounders there is a loop in the code, that is deleting the baseTokenIds, on when to mint tokens for founders. This is to ensure, that the mapping is clean, before adding the update founders. The problem here is, that this function is not respecting the changes, that where done to the addFounders in regards to the reservedUntilTokenId.

When adding, the baseTokenId stars with the value set to reservedUntilTokenId, but when deleting it starts with baseTokenId=0.

This will result in the mapping to not be properly cleaned, and old founders to may still receive tokens, or updated founders receiving too many tokens.

Impact

  • Old founders may receive tokens
  • Founders may receive too many tokens

Code Snippet

https://github.com/sherlock-audit/2023-09-nounsbuilder/blob/main/nouns-protocol/src/token/Token.sol#L161

https://github.com/sherlock-audit/2023-09-nounsbuilder/blob/main/nouns-protocol/src/token/Token.sol#L412

Tool used

Manual Review

Recommendation

use the same baseId for deletion as for adding the founders, starting with reservedUntilTokenId

Duplicate of #42

@github-actions github-actions bot closed this as completed Dec 6, 2023
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Dec 6, 2023
@sherlock-admin sherlock-admin changed the title Breezy Plastic Camel - Malfunction in updateFounders 0xReiAyanami - Malfunction in updateFounders Dec 13, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Dec 13, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue
Projects
None yet
Development

No branches or pull requests

2 participants