Proposals that passed the threshold ("finalized") can be cancelled by a minority again using the cancelProposal functions.
It only sets mapPID_votes to zero but mapPID_timeStart and mapPID_finalising stay the same and pass the checks in finaliseProposal which queues them for execution.
Impact
Proposals cannot be cancelled.
Recommended Mitigation Steps
Set a cancel flag and check for it in finaliseProposal and in execution.
strictly-scarce
commented
3 years ago
Handle
@cmichelio
Vulnerability details
Vulnerability Details
Proposals that passed the threshold ("finalized") can be cancelled by a minority again using the
cancelProposalfunctions. It only setsmapPID_votesto zero butmapPID_timeStartandmapPID_finalisingstay the same and pass the checks infinaliseProposalwhich queues them for execution.Impact
Proposals cannot be cancelled.
Recommended Mitigation Steps
Set a cancel flag and check for it in
finaliseProposaland in execution.