Platform: Code4rena
Start Date: 06/09/2022
Pot Size: $90,000 USDC
Total HM: 33
Participants: 168
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 10
Id: 157
League: ETH
Rank: 59/168
Findings: 2
Award: $222.37
🌟 Selected for report: 0
🚀 Solo Findings: 0
161.6008 USDC - $161.60
updateVetoer() is extremely important to the security of this contract as the vetoer holds the power to stop any proposal from being executed. If vetoer is set wrongly by accident, to one without an owner, it can open up the protocol to governance attack as described by Dialectic here. If vetoer is set wrongly to a malicious actor, all funds in the protocol will be stuck in contract as all proposals can be vetoed.
updateVetoer() does not require the target address to accept this transfer of vetoer privilege.
function updateVetoer(address _newVetoer) external onlyOwner { if (_newVetoer == address(0)) revert ADDRESS_ZERO(); emit VetoerUpdated(settings.vetoer, _newVetoer); settings.vetoer = _newVetoer; }
Consider adding an acceptVetoer() function as commonly done for critical operations such as transfer of ownership or admin privilege.
#0 - GalloDaSballo
2022-09-19T22:59:52Z
2 step is basically always Non Critical
#1 - GalloDaSballo
2022-09-19T23:00:00Z
NC
#2 - GalloDaSballo
2022-09-19T23:01:21Z
Undoing the QA and changing to the 51% attack
#3 - GalloDaSballo
2022-09-20T19:12:44Z
Dup of #533
🌟 Selected for report: Lambda
Also found by: 0x1337, 0x1f8b, 0x4non, 0x85102, 0xA5DF, 0xNazgul, 0xSmartContract, 0xbepresent, 0xc0ffEE, 8olidity, Aymen0909, B2, Bnke0x0, CRYP70, Captainkay, CertoraInc, Ch_301, Chom, ChristianKuri, CodingNameKiki, Deivitto, Diana, DimitarDimitrov, ElKu, EthLedger, Franfran, Funen, GimelSec, JansenC, Jeiwan, Jujic, Lead_Belly, MEP, MasterCookie, MiloTruck, Noah3o6, PPrieditis, PaludoX0, Picodes, PwnPatrol, R2, Randyyy, RaymondFam, Respx, ReyAdmirado, Rolezn, Samatak, Tointer, Tomo, V_B, Waze, _Adam, __141345__, a12jmx, ak1, asutorufos, azephiar, ballx, bharg4v, bin2chen, bobirichman, brgltd, bulej93, c3phas, cccz, ch0bu, cloudjunky, cryptonue, cryptostellar5, cryptphi, csanuragjain, d3e4, datapunk, davidbrai, delfin454000, dharma09, dic0de, dipp, djxploit, eierina, erictee, fatherOfBlocks, gogo, hansfriese, hyh, imare, indijanc, izhuer, jonatascm, ladboy233, leosathya, lucacez, lukris02, m9800, martin, minhtrng, ne0n, neumo, oyc_109, p_crypt0, pashov, pauliax, pcarranzav, pedr02b2, peritoflores, pfapostol, rbserver, ret2basic, robee, rvierdiiev, sach1r0, sahar, scaraven, sikorico, simon135, slowmoses, sorrynotsorry, tnevler, tonisives, volky, yixxas, zkhorse, zzzitron
60.7742 USDC - $60.77
https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/governance/governor/Governor.sol#L116 https://github.com/code-423n4/2022-09-nouns-builder/blob/main/src/governance/treasury/Treasury.sol#L141-L172
propose() function in Governor.sol takes in input from user of unbounded _targets[] array. This can lead to too high a gas consumption required to execute the entire proposal, one that exceeds the block gas limit which prevents anyone from executing this proposal even though it has sufficient for votes casted.
_propose() function.execute() can be called.function execute( address[] calldata _targets, uint256[] calldata _values, bytes[] calldata _calldatas, bytes32 _descriptionHash ) external payable onlyOwner { ... // Cache the number of targets uint256 numTargets = _targets.length; // Cannot realistically overflow unchecked { // For each target: for (uint256 i = 0; i < numTargets; ++i) { // Execute the transaction (bool success, ) = _targets[i].call{ value: _values[i] }(_calldatas[i]); // Ensure the transaction succeeded if (!success) revert EXECUTION_FAILED(i); } } ... }
However, since numTargets == _targets.length is unbounded, a proposal that is made with too many targets can lead to gas consumptions which exceeds the block gas limit, causing a proposal that has passed the voting phase to be unable to be executed.
Set a hard limit on _targets.length as done in nounsDAO. ( max number of targets is set to 10 there )
#0 - GalloDaSballo
2022-09-19T19:10:07Z
R