code-423n4 / 2021-04-vader-findings


A minority of the DAO can cause DoS by canceling all proposals in DAO.sol #185

Closed (code423n4 closed this issue 3 years ago)

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

The only requirement for canceling is that there should exist a new proposal which has minority DAO support and has the same mapPID_type type string as the old proposal being cancelled. There is no requirement that a unique new proposal is being used as a replacement to cancel an equivalent old one, which would prevent the reuse of voting power to cancel more older proposals than the number of new ones voted upon.

Therefore, a minority (>= 16%) of the DAO can cause DoS on all proposals by backrunning finalising proposals and canceling them using the same set of new proposals of GRANT/REWARD/UTILS types to which they have given their minority support.

Proof of Concept

https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/DAO.sol#L102-L108

Tools Used

Manual Analysis

Recommended Mitigation Steps

Keep track of the new proposals being used to cancel old finalising ones and require that a unique (i.e. not already used for canceling earlier) new proposal is being used to cancel an equivalent old one, so that it cannot be used to cancel more than one old proposal.
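A small Python model of the cancel rule described in this finding next to the recommended uniqueness check, added here as an illustration and not the Vader DAO.sol code; the 16% threshold, the type strings and the mapPID_type name come from the report, while the class and function names, vote weights and proposal IDs are constructed.

```python
from dataclasses import dataclass, field

MINORITY_BPS = 1600  # the 16% minority threshold quoted in the report, in basis points

@dataclass
class Proposal:
    pid: int
    ptype: str            # mirrors the mapPID_type string, e.g. "GRANT", "REWARD", "UTILS"
    votes: int = 0        # voting weight cast in support (constructed units)
    finalising: bool = False
    cancelled: bool = False

@dataclass
class DaoModel:
    """Constructed model of the cancel rule; not the Vader DAO.sol code."""
    total_weight: int
    proposals: dict = field(default_factory=dict)
    used_to_cancel: set = field(default_factory=set)  # mitigation: PIDs already spent on a cancel

    def has_minority(self, p: Proposal) -> bool:
        return p.votes * 10_000 >= self.total_weight * MINORITY_BPS

    def cancel_as_reported(self, old_pid: int, new_pid: int) -> bool:
        """Only checks type match and minority support on the new proposal, as the report describes."""
        old, new = self.proposals[old_pid], self.proposals[new_pid]
        if old.cancelled or not old.finalising:
            return False
        if new.ptype != old.ptype or not self.has_minority(new):
            return False
        old.cancelled = True
        return True

    def cancel_hardened(self, old_pid: int, new_pid: int) -> bool:
        """Same rule, plus each new proposal may be spent on at most one cancel (the mitigation)."""
        if new_pid in self.used_to_cancel:
            return False
        ok = self.cancel_as_reported(old_pid, new_pid)
        if ok:
            self.used_to_cancel.add(new_pid)
        return ok

def cancelled_count(hardened: bool) -> int:
    """Three finalising GRANT proposals (PIDs 1-3) vs one GRANT proposal (PID 4) holding exactly 16%."""
    dao = DaoModel(total_weight=1000)
    for pid in (1, 2, 3):
        dao.proposals[pid] = Proposal(pid, "GRANT", votes=900, finalising=True)
    dao.proposals[4] = Proposal(4, "GRANT", votes=160)
    cancel = dao.cancel_hardened if hardened else dao.cancel_as_reported
    return sum(cancel(old, 4) for old in (1, 2, 3))
```

With the rule as reported, the single 16%-backed proposal cancels all three finalising proposals; with the uniqueness set it cancels only one.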

strictly-scarce commented 3 years ago

https://github.com/code-423n4/2021-04-vader-findings/issues/227

0xBrian commented 3 years ago

https://github.com/vetherasset/vaderprotocol-contracts/pull/127/commits/c5fcb890d49115c9aa9cb767737c5d8c13a44b90

dmvt commented 3 years ago

duplicate of #227