Arbitrum Security Council Election System - Mirror's results

A suite of scaling solutions providing environments with high-throughput, low-cost smart contracts, backed by industry-leading proving technology rooted in Ethereum.

General Information

Platform: Code4rena

Start Date: 03/08/2023

Pot Size: $90,500 USDC

Total HM: 6

Participants: 36

Period: 7 days

Judge: 0xean

Total Solo HM: 1

Id: 273

League: ETH

Arbitrum Foundation

Researcher Performance

Rank: 34/36

Findings: 1

Award: $36.16

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Labels

bug
grade-b
QA (Quality Assurance)
edited-by-warden
Q-09

Awards

36.1616 USDC - $36.16

External Links

[Low] Insufficient Member Verification during Initialization

It is possible to add the same member to a council twice or more (and also to add the same address to two councils). There is also no check on the array length (whether it is 12 or not).

https://github.com/ArbitrumFoundation/governance/blob/c18de53820c505fc459f766c1b224810eaeaabc5/src/security-council-mgmt/SecurityCouncilManager.sol#L97-L101

[Low] Erroneous Data Logged in Events

The original intention of the SecurityCouncilRemoved event is to record the removed council. However, the data submitted here consists of references to securityCouncils[i]. This results in the remove event consistently recording the last element of the 'securityCouncils' array.

Consider emitting the SecurityCouncilRemoved event before the array undergoes shifting and popping.

https://github.com/arbitrumfoundation/governance/blob/c18de53820c505fc459f766c1b224810eaeaabc5/src/security-council-mgmt/SecurityCouncilManager.sol#L296-L300
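As an added illustration of the two Low findings above (constructed for this page, not the audited project's code), a minimal registry whose initialiser enforces the length and duplicate checks the first finding says are missing, and whose removal routine is shown in the buggy form (event emitted after the shift-and-pop, so the logged value is whatever now occupies slot i) next to the corrected form (event emitted before mutation). The contract, function names and the cohort size of 6 are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed illustration, not the audited project's code, of the two Low findings:
// the missing cohort checks, and a removal that logs the wrong council.
contract CouncilRegistryExample {
    uint256 public constant COHORT_SIZE = 6; // assumed size for the example
    address[] public cohort;
    address[] public securityCouncils;
    event SecurityCouncilRemoved(address council);

    constructor(address[] memory councils) { securityCouncils = councils; }

    // Hardened initialiser: exact length, no zero address, no repeated member.
    function initCohort(address[] memory members) external {
        require(cohort.length == 0, "already initialised");
        require(members.length == COHORT_SIZE, "wrong cohort length");
        for (uint256 i = 0; i < members.length; i++) {
            require(members[i] != address(0), "zero address");
            for (uint256 j = 0; j < i; j++) {
                require(members[i] != members[j], "duplicate member");
            }
            cohort.push(members[i]);
        }
    }

    // Buggy pattern: shift and pop first, then read securityCouncils[i], which now
    // holds the neighbour that moved into slot i (or reverts if i was the last slot).
    function removeSecurityCouncilBuggy(address council) external {
        uint256 i = _indexOf(council);
        _shiftAndPop(i);
        emit SecurityCouncilRemoved(securityCouncils[i]); // not the removed council
    }

    // Corrected pattern: emit before the array is mutated.
    function removeSecurityCouncilFixed(address council) external {
        uint256 i = _indexOf(council);
        emit SecurityCouncilRemoved(securityCouncils[i]); // still the removed council
        _shiftAndPop(i);
    }

    function _indexOf(address council) internal view returns (uint256) {
        for (uint256 i = 0; i < securityCouncils.length; i++) {
            if (securityCouncils[i] == council) return i;
        }
        revert("council not found");
    }

    function _shiftAndPop(uint256 i) internal {
        for (uint256 j = i; j + 1 < securityCouncils.length; j++) {
            securityCouncils[j] = securityCouncils[j + 1];
        }
        securityCouncils.pop();
    }
}
```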

[Info] Redundant check

A similar zero address check is already performed within _addMemberToCohortArray() for the _addressToAdd parameter, so the additional check for _addressToAdd is unnecessary.

https://github.com/ArbitrumFoundation/governance/blob/c18de53820c505fc459f766c1b224810eaeaabc5/src/security-council-mgmt/SecurityCouncilManager.sol#L222

[Info] Repetition in Comments

// this only checks against the current the current other cohort, and against the current cohort membership

https://github.com/ArbitrumFoundation/governance/blob/c18de53820c505fc459f766c1b224810eaeaabc5/src/security-council-mgmt/governors/SecurityCouncilNomineeElectionGovernor.sol#L231

// revoke old security council cancel role; it is unnecessary to grant it to explicitly grant it to new security council since the security council can already cancel via the core governor's relay method.

https://github.com/ArbitrumFoundation/governance/blob/c18de53820c505fc459f766c1b224810eaeaabc5/src/gov-action-contracts/AIPs/SecurityCouncilMgmt/GovernanceChainSCMgmtActivationAction.sol#L103

#0 - c4-judge

2023-08-18T23:28:41Z

0xean marked the issue as grade-b
