Moonwell - 0xl51's results

An open lending and borrowing DeFi protocol.

General Information

Platform: Code4rena

Start Date: 24/07/2023

Pot Size: $100,000 USDC

Total HM: 18

Participants: 73

Period: 7 days

Judge: alcueca

Total Solo HM: 8

Id: 267

League: ETH

Moonwell

Findings Distribution

Researcher Performance

Rank: 59/73

Findings: 1

Award: $43.37

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: hals

Also found by: 0x70C9, 0xComfyCat, 0xl51, Kaysoft, RED-LOTUS-REACH, T1MOH, Tendency, Vagner, bin2chen, immeas, kodyvim, sces60107

Labels

bug
2 (Med Risk)
partial-50
duplicate-268

Awards

43.3709 USDC - $43.37

External Links

Lines of code

https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Governance/TemporalGovernor.sol#L400
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Governance/TemporalGovernor.sol#L237
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Governance/TemporalGovernor.sol#L266

Vulnerability details

Impact

Although the function _executeProposal in TemporalGovernor.sol performs a .call that forwards native ETH (value), neither the executeProposal nor the fastTrackProposalExecution function carries the payable modifier. Consequently, the transfer of ETH becomes impossible, which would lead to undesirable outcomes if a proposal that includes a transfer of native ETH funds is accepted.

TemporalGovernor.sol:

    function executeProposal(bytes memory VAA) public whenNotPaused {
        _executeProposal(VAA, false);
    }

    function fastTrackProposalExecution(bytes memory VAA) external onlyOwner {
        _executeProposal(VAA, true); /// override timestamp checks and execute
    }

    (bool success, bytes memory returnData) = target.call{value: value}(data);

Tools Used

Manual review, VS Code

Remove the possibility of transferring ETH, or add the payable modifier.
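The pattern described above and the suggested fix, as an added illustration that is not the Moonwell code: a minimal executor whose non-payable entry point ends in target.call{value: value}, beside a variant with the payable modifier and a balance check. Contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Constructed example (not Moonwell's TemporalGovernor): the entry point is
/// not payable, so any msg.value sent with the execution call reverts at the
/// function entry and ETH for the proposal can never be supplied through it.
contract NonPayableExecutor {
    function execute(address target, uint256 value, bytes calldata data) external {
        _execute(target, value, data);
    }

    function _execute(address target, uint256 value, bytes memory data) internal {
        // If the contract holds less than `value`, the CALL fails, `success` is
        // false, and the whole proposal execution reverts.
        (bool success, ) = target.call{value: value}(data);
        require(success, "proposal call failed");
    }
}

/// Mitigated variant: the entry point is payable and verifies that the ETH
/// held by the contract covers the amount the proposal will forward.
contract PayableExecutor {
    receive() external payable {}

    function execute(address target, uint256 value, bytes calldata data) external payable {
        require(address(this).balance >= value, "insufficient ETH for proposal");
        _execute(target, value, data);
    }

    function _execute(address target, uint256 value, bytes memory data) internal {
        (bool success, ) = target.call{value: value}(data);
        require(success, "proposal call failed");
    }
}
```

The other mitigation named in the finding, dropping the value argument from the call entirely, removes the failure mode by making ETH-forwarding proposals impossible to encode in the first place.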

Assessed type

call/delegatecall

#0 - c4-pre-sort

2023-08-03T13:21:22Z

0xSorryNotSorry marked the issue as duplicate of #268

#1 - c4-judge

2023-08-12T20:37:14Z

alcueca marked the issue as satisfactory

#2 - c4-judge

2023-08-12T20:37:18Z

alcueca marked the issue as partial-50
