Open code423n4 opened 3 years ago
Not valid.
All pools use slip-based fees so flash loan attack by buying up USDV or synths is not going to work.
The funds to execute this attack do not need to come from a pool. It could be done as simply as malicious members pooling their funds in a flash loan contract, and each borrowing the funds in turn to vote.
Handle
0xRajeev
Vulnerability details
Impact
Flash loans can significantly increase a single voter's weight and be used to impact the voting outcome. A voter can borrow a significant quantity of tokens to increase their voting weight in a transaction within which they also deterministically influence the voting outcome to their choice.
This has already happened in the case of MakerDAO governance where a flash loan was used to affect voting outcome (see https://forum.makerdao.com/t/urgent-flash-loans-and-securing-the-maker-protocol/4901) and noted by Maker team as: “a practical example for the community that flash loans can and may impact system governance”
Given that flash loans are a noted concern, their impact on DAO governance, which can control all critical protocol parameters, should be mitigated as in other places.
Proof of Concept
https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/DAO.sol#L158-L163
Tools Used
Manual Analysis
Recommended Mitigation Steps
Account for flash loans in countMemberVotes() by using weight from previous blocks or consider capping the weight of individual voters.
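One way to take weight from previous blocks, as the first mitigation suggests, shown as an added example (not code from DAO.sol or from this report). The contract, function and variable names are all hypothetical, and the host contract is assumed to call `_writeCheckpoint` whenever a member's voting balance changes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only; every name here is hypothetical, not from DAO.sol.
abstract contract SnapshotVoting {
    struct Checkpoint { uint32 fromBlock; uint224 weight; }

    mapping(address => Checkpoint[]) private _checkpoints;
    mapping(uint256 => uint256) public snapshotBlock; // proposalID => block used for weights
    mapping(uint256 => uint256) public votesFor;
    mapping(uint256 => mapping(address => bool)) public hasVoted;

    // Record the member's weight as of the end of the current block.
    function _writeCheckpoint(address member, uint224 newWeight) internal {
        Checkpoint[] storage cps = _checkpoints[member];
        uint256 n = cps.length;
        if (n > 0 && cps[n - 1].fromBlock == block.number) {
            cps[n - 1].weight = newWeight; // same block: keep only the final value
        } else {
            cps.push(Checkpoint(uint32(block.number), newWeight));
        }
    }

    // Fix the weights at a block that is already final when the proposal opens.
    function _openProposal(uint256 proposalID) internal {
        snapshotBlock[proposalID] = block.number - 1;
    }

    // Weight held at the end of `blockNumber`; binary search over checkpoints.
    function priorWeight(address member, uint256 blockNumber) public view returns (uint256) {
        require(blockNumber < block.number, "block not final");
        Checkpoint[] storage cps = _checkpoints[member];
        (uint256 lo, uint256 hi) = (0, cps.length);
        while (lo < hi) {
            uint256 mid = (lo + hi) / 2;
            if (cps[mid].fromBlock <= blockNumber) lo = mid + 1;
            else hi = mid;
        }
        return lo == 0 ? 0 : cps[lo - 1].weight;
    }

    function vote(uint256 proposalID) external {
        uint256 snap = snapshotBlock[proposalID];
        require(snap != 0, "unknown proposal");
        require(!hasVoted[proposalID][msg.sender], "already voted");
        hasVoted[proposalID][msg.sender] = true;
        // Balance changes after the snapshot block, including same-transaction loans, add nothing.
        votesFor[proposalID] += priorWeight(msg.sender, snap);
    }
}
```

Because a loan taken and repaid inside one block leaves the end-of-block checkpoint unchanged, and the snapshot predates the proposal, tokens passed between members after the proposal opens carry no additional weight.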