Open code423n4 opened 3 years ago
Handle
s1m0
Vulnerability details
Impact
voteProposal() doesn't check that proposalID <= proposalCount.
Proof of Concept
https://github.com/code-423n4/2021-04-vader/blob/main/vader-protocol/contracts/DAO.sol#L79
Tools Used
Manual analysis
Recommended Mitigation Steps
In voteProposal(), add require(proposalID <= proposalCount, "Proposal not existent"). The bound should be <= because proposalCount is updated before it is used as the ID (e.g. https://github.com/code-423n4/2021-04-vader/blob/main/vader-protocol/contracts/DAO.sol#L59); this way proposal no. 0 is never assignable. I'm not sure whether that is intended or not.
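The off-by-one reasoning behind the recommended bound, as an added illustration that is not the Vader DAO.sol code: a minimal hypothetical contract (names ProposalBounds, newProposal, voteProposalUnchecked and the storage mappings are assumptions) that increments proposalCount before using it as the new ID, so valid IDs are 1..proposalCount and the check must be <= rather than <.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch (not the audited DAO.sol) of the ID-assignment pattern
// the report describes and the bound check it recommends.
contract ProposalBounds {
    uint256 public proposalCount;
    mapping(uint256 => string) public proposalType;
    mapping(uint256 => uint256) public votes;

    // IDs are handed out as 1, 2, 3, ...; ID 0 is never created because the
    // counter is incremented before it is read.
    function newProposal(string memory typeStr) external returns (uint256 id) {
        proposalCount += 1;      // updated first ...
        id = proposalCount;      // ... so the first proposal gets ID 1
        proposalType[id] = typeStr;
    }

    // Unchecked shape: any ID, including 0 or values above proposalCount,
    // accumulates votes in storage for a proposal that does not exist.
    function voteProposalUnchecked(uint256 proposalID) external {
        votes[proposalID] += 1;
    }

    // Mitigated shape from the report. Using `< proposalCount` here would
    // wrongly reject the newest proposal, whose ID equals proposalCount.
    // The `!= 0` clause is an addition for this sketch: the report notes ID 0
    // is never assigned but leaves open whether rejecting it is intended.
    function voteProposal(uint256 proposalID) external {
        require(proposalID != 0 && proposalID <= proposalCount, "Proposal not existent");
        votes[proposalID] += 1;
    }
}
```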