Big Flaxen Dove - Malicious actor can reparticipate in FCFS #659

sherlock-admin3 · 2025-02-19T18:30:52Z

Big Flaxen Dove

High

Malicious actor can reparticipate in FCFS

Summary

Malicious actor can reparticipate in FCFS.

Root cause

https://github.com/sherlock-audit/2025-02-rova/blob/fe68ceb7d90693f9be5c7fb94dde130da8d60d9e/rova-contracts/src/Launch.sol#L246

        if (userTokenAmount > 0) {
            if (!settings.finalizesAtParticipation) {
                revert MaxUserParticipationsReached(request.launchGroupId, request.userId);
            }
        }

PoC

if (!settings.finalizesAtParticipation) {revert ..}

works incorrectly to allow user participate again in FCFS Launch Groups.

Mitigation

Consider to change validation to:

if (settings.finalizesAtParticipation) {revert ..}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Big Flaxen Dove - Malicious actor can reparticipate in FCFS #659

Big Flaxen Dove - Malicious actor can reparticipate in FCFS #659

sherlock-admin3 commented Feb 19, 2025

Big Flaxen Dove - Malicious actor can reparticipate in FCFS #659

Big Flaxen Dove - Malicious actor can reparticipate in FCFS #659

Comments

sherlock-admin3 commented Feb 19, 2025

Malicious actor can reparticipate in FCFS

Summary

Root cause

PoC

Mitigation