Platform: Code4rena
Start Date: 06/09/2022
Pot Size: $90,000 USDC
Total HM: 33
Participants: 168
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 10
Id: 157
League: ETH
Rank: 105/168
Findings: 1
Award: $70.68
🌟 Selected for report: 1
🚀 Solo Findings: 0
70.6842 USDC - $70.68
The protocol assumes founders and proposals will set sane settings. However, some settings, if set incorrectly, will block proposals from being created or succeeding and block auctions from completing.
This vulnerability has a low likelihood of occurrence, as the outcome is not in the interest of the community. However, the possibility exists if there is some misunderstanding or miscalculation. If a bad setting is allowed, the impact is high.
Governor settings.quorumThresholdBps > 10_000
If quorumThresholdBps is set above 10_000 then it would be impossible to get enough votes to succeed.
Without being able to execute a proposal the setting itself could never be fixed.
Governor settings.proposalThresholdBps > 10_000
If proposalThresholdBps is set above 10_000 then it would be impossible to submit a proposal.
Without being able to submit a proposal the setting itself could never be fixed.
Treasury settings.delay
A very large value for delay would prevent a proposal from being executed.
For example, 1000 years easily fits into delay and would result in a 1000 year wait before being able to execute.
A governance proposal could fix this property for future proposals, but any proposal created with the large delay would remain stuck.
Auction settings.duration
The duration value is in seconds and any value up to type(uint40).max is permitted.
That is 1099511627775 seconds, which is > 48000 years.
A large value like this would stop the auction from ever ending and thus stop new NFTs from being minted.
A governance proposal could fix this setting, but ideally a very large duration would be blocked.
Auction settings.timeBuffer
Similar to duration, but applies to the auction endTime extension.
So the auction could be extended a number of years for example.
Manual review.
Implement reasonable range bounds, reverting where appropriate. In particular, for the above apply:
quorumThresholdBps <= 10_000
proposalThresholdBps <= 10_000
delay <= 6 months
duration <= 6 months
timeBuffer <= 6 months
Add these checks to the initialize() functions and in the setter / update functions where these individual settings properties can be updated.
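One way to apply the recommended bounds in both initialize() and the update functions, as an added example that is not the audited project's code. The contract, error, constant and function names are hypothetical, "6 months" is approximated as 26 weeks, and every field width except the uint40 duration is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration, not the audited contracts. All names are hypothetical.
contract BoundedSettings {
    uint256 public constant MAX_BPS = 10_000;      // 100% in basis points
    uint256 public constant MAX_PERIOD = 26 weeks; // "6 months" cap for delay, duration, timeBuffer

    error BpsOutOfRange(uint256 value);
    error PeriodOutOfRange(uint256 value);
    error NotOwner();
    error AlreadyInitialized();

    address public immutable owner; // stands in for the DAO treasury / timelock
    bool public initialized;
    uint256 public quorumThresholdBps;
    uint256 public proposalThresholdBps;
    uint256 public delay;
    uint40 public duration;   // uint40 as stated in the report
    uint40 public timeBuffer; // width assumed to match duration

    modifier onlyOwner() { if (msg.sender != owner) revert NotOwner(); _; }

    constructor() { owner = msg.sender; }

    // First configuration goes through the same checks as later updates.
    function initialize(uint256 quorumBps, uint256 proposalBps, uint256 delay_, uint40 duration_, uint40 timeBuffer_)
        external onlyOwner
    {
        if (initialized) revert AlreadyInitialized();
        initialized = true;
        quorumThresholdBps = _bps(quorumBps);
        proposalThresholdBps = _bps(proposalBps);
        delay = _period(delay_);
        duration = uint40(_period(duration_));
        timeBuffer = uint40(_period(timeBuffer_));
    }

    function updateQuorumThresholdBps(uint256 v) external onlyOwner { quorumThresholdBps = _bps(v); }
    function updateProposalThresholdBps(uint256 v) external onlyOwner { proposalThresholdBps = _bps(v); }
    function updateDelay(uint256 v) external onlyOwner { delay = _period(v); }
    function updateDuration(uint40 v) external onlyOwner { duration = uint40(_period(v)); }
    function updateTimeBuffer(uint40 v) external onlyOwner { timeBuffer = uint40(_period(v)); }

    // Revert instead of storing a value that could never be satisfied or waited out.
    function _bps(uint256 v) private pure returns (uint256) { if (v > MAX_BPS) revert BpsOutOfRange(v); return v; }
    function _period(uint256 v) private pure returns (uint256) { if (v > MAX_PERIOD) revert PeriodOutOfRange(v); return v; }
}
```

Routing initialize() and every setter through the same two helpers keeps the bounds from drifting apart between deployment-time and governance-time configuration.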
#0 - GalloDaSballo
2022-09-16T23:33:41Z
Lack of validation looks right, not convinced about severity if behind timelock
#1 - GalloDaSballo
2022-09-25T20:31:12Z
The warden has shown how, due to a lack of rational minimums and maximums, governance can be griefed if not effectively bricked.
Because this is contingent on allowing "irrational" values, I agree with Medium Severity
Mitigation would require adding acceptable minimums and maximums, or forcing the deployer to set those in a rational way that is transparent to end users
Because this report is talking generally about multiple types of griefs and stalling, I will make this the primary issue and bulk the other reports under this