Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Redo PR 10268 #10473

Closed
martinvol opened this issue Aug 8, 2023 · 1 comment
Closed

Redo PR 10268 #10473

martinvol opened this issue Aug 8, 2023 · 1 comment
Labels

Comments

@martinvol
Copy link
Contributor

Expected Behavior

PR #10268 introduced a vulnerability and will get reverted on CR10.

Current Behavior

Not deployed.

More info:
Governance.sol:dequeueProposalIfReady(uint) (L1258-1294)

PR #10268 and PR #10324 introduce a new function dequeueProposalIfReady(uint proposalId) for the Governance.sol contract. The function is only called in Governance.sol:upvote on line 536 with the given proposalId and it can be called externally as it's marked public.

However, the function only checks if the dequeue time has been reached (e.g. last dequeue time + dequeue frequency) and if the given proposal has not yet expired. It does not take the queue order that is established through upvoting with voting power into account.

In contrary to dequeueProposalsIfReady, which pops the head proposals of the queue, it also only supports dequeueing a single proposal each time. It will set lastDequeue time and consequently block any other proposals from getting dequeued.

This vulnerability can be used to instantly dequeue a proposal without the need for upvotes, as well as block any normal proposals from getting dequeued by repeatedly proposing and dequeueing malicious or bogus proposals.

@montera82 montera82 self-assigned this Aug 9, 2023
Copy link
Contributor

github-actions bot commented May 5, 2024

This issue is stale and will be closed in 30 days without activity

@github-actions github-actions bot added the stale label May 5, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants