Canto contest - dipp's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 14/06/2022

Pot Size: $100,000 USDC

Total HM: 26

Participants: 59

Period: 7 days

Judge: GalloDaSballo

Total Solo HM: 9

Id: 133

League: ETH

Researcher Performance

Rank: 34/59

Findings: 2

Award: $495.16

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: Ruhum

Also found by: 0xmint, cccz, csanuragjain, dipp, hake, zzzitron

Labels

bug
duplicate
3 (High Risk)

Awards

247.5766 USDC - $247.58

1532.982 CANTO - $247.58

Lines of code

GovernorBravoDelegate.sol#L63

Vulnerability details

Impact

In GovernorBravoDelegate.sol's queue function, the executed value for the proposal to be queued is set to true. The execute function in GovernorBravoDelegate.sol will revert when called since the state of the proposal is Executed.

Proof of Concept

  1. In queue, a proposal with id == proposalId is fetched from the unigov map contract. If the proposal is formed correctly, does not exist in GovernorBravoDelegate's proposals variable, and is not queued, then it is added to proposals with its executed value set to true.

  2. When execute is called, it checks state(proposalId) == ProposalState.Queued. Since proposals[proposalId].executed == true, execute will revert and the proposal corresponding to proposalId will not be executed.

In the queue function, when adding the newProposal, set executed to false in line 63.
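
The queue/execute interaction and the suggested fix, as a simplified Solidity model added here for illustration (not Canto's contract and not the researcher's code). GovernorModel, QueueRegressionCheck and initialExecuted are hypothetical names, and the unigov lookup, timelock and proposal payload are omitted as an assumption of the model.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Simplified model (assumption): only the `executed` flag and the state
// check that execute relies on are kept from the flow in the finding.
contract GovernorModel {
    enum ProposalState { Queued, Executed }
    struct Proposal { uint256 id; bool executed; }

    mapping(uint256 => Proposal) public proposals;
    // true reproduces the reported behaviour, false models the suggested fix
    bool public immutable initialExecuted;

    constructor(bool initialExecuted_) { initialExecuted = initialExecuted_; }

    function queue(uint256 proposalId) external {
        require(proposalId != 0 && proposals[proposalId].id == 0, "invalid or already queued");
        proposals[proposalId] = Proposal({id: proposalId, executed: initialExecuted});
    }

    function state(uint256 proposalId) public view returns (ProposalState) {
        return proposals[proposalId].executed ? ProposalState.Executed : ProposalState.Queued;
    }

    function execute(uint256 proposalId) external {
        // Reverts for every proposal queued with executed == true
        require(state(proposalId) == ProposalState.Queued, "not queued");
        proposals[proposalId].executed = true;
    }
}

// Regression check: a freshly queued proposal must be executable exactly once.
contract QueueRegressionCheck {
    function executableAfterQueue(bool initialExecuted) public returns (bool) {
        GovernorModel g = new GovernorModel(initialExecuted);
        g.queue(1);
        try g.execute(1) {
            return g.state(1) == GovernorModel.ProposalState.Executed;
        } catch {
            return false; // execute reverted: the proposal can never run
        }
    }

    function run() external {
        assert(!executableAfterQueue(true));  // behaviour described in the finding
        assert(executableAfterQueue(false));  // executed initialised to false
    }
}
```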

#0 - nivasan1

2022-06-24T03:27:27Z

duplicate of #39
