code-423n4 / 2021-04-vader-findings

1 stars 0 forks source link

Function can be simplified #276

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

s1m0

Vulnerability details

Impact

In finaliseProposal the code between 114-116 can be omitted because it's always true from the require on line 113. mapPID_finalising[proposalID] is set to true only in _finalise() and _finalise() is called only if the proposal has quorum (line 85 - 88).

Proof of Concept

https://github.com/code-423n4/2021-04-vader/blob/main/vader-protocol/contracts/DAO.sol#L114

Tools Used

Manual analysis

Recommended Mitigation Steps

Remove the code between 114-116

0xBrian commented 3 years ago

https://github.com/vetherasset/vaderprotocol-contracts/commit/f7c7085af0eb871ba80db3932acc703fd6d3623c

dmvt commented 3 years ago

duplicate of #186