Platform: Code4rena
Start Date: 24/07/2023
Pot Size: $100,000 USDC
Total HM: 18
Participants: 73
Period: 7 days
Judge: alcueca
Total Solo HM: 8
Id: 267
League: ETH
Rank: 27/73
Findings: 1
Award: $261.96
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Aymen0909
Also found by: ABAIKUNANBAEV, Jigsaw, hals, sces60107
261.9578 USDC - $261.96
Detailed description of the impact of this finding. Guardians are able to fasttrack and execute proposals even when the contract is not paused. per the comments: @notice Allow the guardian to process a VAA when the /// Temporal Governor is paused this is only for use during /// periods of emergency when the governance on moonbeam is /// compromised and we need to stop additional proposals from going through. /// @param VAA The signed Verified Action Approval to process however the function itself is missing a whenPaused modifier, allowing a guardian to fastrack and execute proposals even the contract is not paused.
W/o a whenPaused modifier, guardian/owner is able to execute fasttracked proposals even when governance is not compromised.
manual review
add whenPaused modifier.
Governance
#0 - c4-pre-sort
2023-08-03T13:53:43Z
0xSorryNotSorry marked the issue as duplicate of #245
#1 - c4-judge
2023-08-12T20:42:31Z
alcueca marked the issue as satisfactory
#2 - c4-judge
2023-08-12T20:42:36Z
alcueca marked the issue as partial-50