code-423n4 / 2021-04-vader-findings

Completed proposals can be voted on and executed again #229

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

@cmichelio

Vulnerability details

A proposal that is completed has its state reset, including the votes. Users can just vote on it again and it can be executed again.

Impact

Completed proposals should most likely not be allowed to be voted on / executed again. This could also lead to issues in backend scripts that don't expect any voting/execution events to be fired again after the FinalisedProposal event has fired.

Recommended Mitigation Steps

Add an executed flag to the proposals and disallow voting/finalising on already executed proposals.
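
A minimal sketch of the recommended executed flag, added here as an illustration; it is not part of the original report or of the audited code. The contract, struct and function names and the quorum value are hypothetical, and only the FinalisedProposal event name comes from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch: all names except FinalisedProposal are hypothetical.
// Voter weighting and de-duplication are omitted to keep the guard visible.
contract GuardedProposals {
    struct Proposal {
        uint256 votes;
        bool finalising;
        bool executed; // set once on execution and never cleared
    }

    uint256 public constant QUORUM = 3; // constructed threshold
    mapping(uint256 => Proposal) public proposals;

    event FinalisedProposal(uint256 indexed id);

    function vote(uint256 id) external {
        Proposal storage p = proposals[id];
        // Guard 1: no voting on a proposal that has already been executed.
        require(!p.executed, "already executed");
        p.votes += 1;
        if (p.votes >= QUORUM) {
            p.finalising = true;
        }
    }

    function finalise(uint256 id) external {
        Proposal storage p = proposals[id];
        // Guard 2: no second execution of the same proposal id.
        require(!p.executed, "already executed");
        require(p.finalising, "not finalising");
        // Set the flag before acting so a re-entrant call also hits the guard.
        p.executed = true;
        _completeProposal(id);
    }

    function _completeProposal(uint256 id) internal {
        Proposal storage p = proposals[id];
        // The pattern the report describes: completion resets the vote state.
        // Without the two executed checks above, this reset alone would make
        // the same id votable and executable again.
        p.votes = 0;
        p.finalising = false;
        emit FinalisedProposal(id);
    }
}
```

With the flag in place, no further vote or execution can follow FinalisedProposal for the same id, which is the ordering the backend scripts mentioned under Impact rely on.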

strictly-scarce commented 3 years ago

It might be intended to have repeated proposals.