Platform: Code4rena
Start Date: 06/09/2022
Pot Size: $90,000 USDC
Total HM: 33
Participants: 168
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 10
Id: 157
League: ETH
Rank: 22/168
Findings: 3
Award: $962.07
๐ Selected for report: 0
๐ Solo Findings: 0
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/manager/Manager.sol#L140 https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/manager/Manager.sol#L141
The normal operation of the DAO can be disrupted if its initial votingDelay parameter is to a very high or small number and/or setting its initial votingPeriod to a small number.
An malicious operator sets the votingPeriod to be 60 seconds in duration. When proposals are made it will be difficult for DAO members to vote effectively potentially allowing malicious proposals to make it through.
DAO governance could also set either parameter too low or too high accidentally.
This is an edge case but it would be very disruptive.
Place a limiting range on both votingDelay & votingPeriod
#0 - iainnash
2022-09-26T21:45:33Z
Duplicate of #525 ?
#1 - GalloDaSballo
2022-09-26T22:12:44Z
Dup of #482
161.6008 USDC - $161.60
Typically if a malicious proposal is proposed there is an option for a vetoer to veto the proposal defeating it without a vote. This may be useful if a malicious proposer has enough votes to force the malicious proposal through. This ability is nullified if the vetoer is set to the treasury since it cannot execute anything without a proposal.
This is an edge case however it may not be so far-fetched that DAO members want vetoer to be more democratically controlled and believe the treasury is a good candidate for this since itโs how they govern the DAO.
Prevent the treasury from being the vetoer.
#0 - GalloDaSballo
2022-09-16T18:27:13Z
This is a convoluted way to say that a malicious vetoer will not veto
#1 - GalloDaSballo
2022-09-20T19:12:13Z
Dup of #533
๐ Selected for report: rbserver
Also found by: ayeslick, rvierdiiev
729.7931 USDC - $729.79
Currently, there is nothing preventing a malicious vetoer from vetoing a proposal before it is created.
A proposal is discussed A proposer is set to call propose on the Governor contract The vetoer is opposed to this proposal The vetoer copies the proposal hash and vetoes the proposal before it can be created so that itโs dead on arrival.
Check if the proposal exists before vetoing.
#0 - GalloDaSballo
2022-09-16T18:28:05Z
This is equivalent to saying vetoer can veto all proposals / cannot be removed, will investigate
#1 - GalloDaSballo
2022-09-26T00:25:44Z
While other reports have shown how a non-existant Vetoer can enable 51% attacks, this report is showing how a Vetoer can deny any proposal from ever being executed.
Unfortunately there doesn't seem to be a design space that would protect from both a 51% attack and not give power to the vetoer to deny any transaction.
Having vetoer set to doxed member of the community may help limit an imbalance of power, however, due to this risk, the long term goal of the project should be to burn the veto keys as they can be used to inhibit any future operation
#2 - iainnash
2022-09-26T21:36:51Z
The DAO design is to have the vetoer resign their veto power as soon as possible to prevent these sorts of situations.
Would say this doesn't warrent Med risk.
#3 - GalloDaSballo
2022-09-28T19:29:36Z
Dup of #622
Ultimately a malicious Vetoer is a security / trust risk for end users and we will flag it because of the User-Facing nature of these reports.
However, technically, because you can just re-issue a proposal with a slightly different string value, the issue is not so much technical as it is rooted in "Trust of the Vetoer", hence dup of #622 is more appropriate than having a separate issue