Category: Coding Mistakes
Fee recipient can censor forum posts
High Severity
High Impact
Medium Likelihood
Description
Forum posts are created by the createForumPost function, and some fees are paid to the fee recipient before posting:
    function createForumPost(address _address, string calldata _text)
        public
        payable
        tokenExists(_address)
        returns (ForumPost memory)
    {
        PondStorage storage $ = _getStorage();
        Forum storage forum = $.forums[_address];
        if (msg.value < $.config.forumFeeEth) revert NotEnoughETH();
        _safeTransferETH($.config.feeRecipient, msg.value);
        ForumPost memory post = ForumPost({
            author: msg.sender,
            text: _text,
            timestamp: block.timestamp,
            isHidden: false
        });
        forum.posts.push(post);
        emit ForumPostCreate(post.author, _address, post.text, post.timestamp);
        return post;
    }
However, the fee recipient can choose to revert on some fee transfers, which causes the parent transaction to revert and censors the corresponding forum post.
Impact
The fee recipient may censor some posts by reverting during the transfer call they receive from createForumPost.
Recommendations
A better approach would be to allow the fee recipient to claim their fees independently of the forum post creation.
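One way to apply this recommendation is the pull-payment pattern, shown here as an added example that is not PondFun's code and not the fix they shipped. The contract name ForumFeesPull, the pendingFees mapping, claimFees, and the NothingToClaim and TransferFailed errors are hypothetical, and the tokenExists check and PondStorage layout are omitted to keep the example self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of decoupling fee payout from post creation.
// ForumFeesPull, pendingFees and claimFees are hypothetical names.
contract ForumFeesPull {
    struct ForumPost { address author; string text; uint256 timestamp; bool isHidden; }

    error NotEnoughETH();
    error NothingToClaim();
    error TransferFailed();

    event ForumPostCreate(address indexed author, address indexed token, string text, uint256 timestamp);
    event FeesClaimed(address indexed recipient, uint256 amount);

    uint256 public immutable forumFeeEth;
    address public immutable feeRecipient;
    mapping(address => uint256) public pendingFees; // recipient => unclaimed wei
    mapping(address => ForumPost[]) private posts;  // token => forum posts

    constructor(address _feeRecipient, uint256 _forumFeeEth) {
        feeRecipient = _feeRecipient;
        forumFeeEth = _forumFeeEth;
    }

    function createForumPost(address _address, string calldata _text) external payable {
        if (msg.value < forumFeeEth) revert NotEnoughETH();
        // Accounting only: no external call is made here, so the fee
        // recipient has no code path through which to revert the post.
        pendingFees[feeRecipient] += msg.value;
        posts[_address].push(ForumPost(msg.sender, _text, block.timestamp, false));
        emit ForumPostCreate(msg.sender, _address, _text, block.timestamp);
    }

    function claimFees() external {
        uint256 amount = pendingFees[msg.sender];
        if (amount == 0) revert NothingToClaim();
        pendingFees[msg.sender] = 0; // effects before interaction (reentrancy-safe)
        (bool ok, ) = msg.sender.call{value: amount}("");
        // A recipient that reverts here only blocks its own withdrawal.
        if (!ok) revert TransferFailed();
        emit FeesClaimed(msg.sender, amount);
    }
}
```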
Remediation
This issue has been acknowledged by PondFun, and a fix was implemented in commit ce3e8543. This fix moves the entire forum part of the contract off-chain.