Can Vote Multiple Times By Transferring NFT In Same Block As Proposal
_Submitted by (2) Trust, also found by Lambda_
Last updated
_Submitted by (2) Trust, also found by Lambda_
Last updated
https://code4rena.com/reports/2022-09-party/#h-01-partygovernance-can-vote-multiple-times-by-transferring-nft-in-same-block-as-proposal
https://www.trustindistrust.com/post/c4-audit-report-partydao
To make sure users don't vote twice, every proposal has hasVoted mapping to keep note of votes. Users are able to transfer their voting power by transferring their PartyGovernanceNFT. This is not an issue by itself, because if user A votes on proposal P, and then transfers his voting powers to user B and tries to vote on proposal P from user B's context, the number of votes calculated for B's vote is his power at proposal time. But the one critical weakness in this validation system is that during the proposal creation block, the same votes may be re-used by different users.
Add additional check in accept() function:
This will not allow accept() to be called in the sensitive block except to register the proposer's votes.
if (proposal.proposedTime == block.timestamp) {
require(proposal.votes == 0);