A proposal can be vetoed before it’s created #440
Comments
code423n4
added
2 (Med Risk)
|
This is equivalent to saying vetoer can veto all proposals / cannot be removed, will investigate |
|
While other reports have shown how a non-existant Vetoer can enable 51% attacks, this report is showing how a Vetoer can deny any proposal from ever being executed. Unfortunately there doesn't seem to be a design space that would protect from both a 51% attack and not give power to the vetoer to deny any transaction. Having vetoer set to doxed member of the community may help limit an imbalance of power, however, due to this risk, the long term goal of the project should be to burn the veto keys as they can be used to inhibit any future operation |
|
The DAO design is to have the vetoer resign their veto power as soon as possible to prevent these sorts of situations. Would say this doesn't warrent Med risk. |
iainnash
added
the
sponsor disputed
|
Dup of #622 Ultimately a malicious Vetoer is a security / trust risk for end users and we will flag it because of the User-Facing nature of these reports. However, technically, because you can just re-issue a proposal with a slightly different string value, the issue is not so much technical as it is rooted in "Trust of the Vetoer", hence dup of #622 is more appropriate than having a separate issue |
Lines of code
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/governance/governor/Governor.sol#L387
Vulnerability details
Impact
Currently, there is nothing preventing a malicious vetoer from vetoing a proposal before it is created.
Proof of Concept
A proposal is discussed
A proposer is set to call propose on the Governor contract
The vetoer is opposed to this proposal
The vetoer copies the proposal hash and vetoes the proposal before it can be created so that it’s dead on arrival.
Recommended Mitigation Steps
Check if the proposal exists before vetoing.
The text was updated successfully, but these errors were encountered: