search

code-423n4 / 2021-07-spartan-findings

0 stars 0 forks source link

Event log poisoning by griefing attackers #104

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

Event log poisoning is possible by griefing attackers who have no DAO weight but vote and emit event that takes up event log space.

Proof of Concept

https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Dao.sol#L382

https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Dao.sol#L393

Tools Used

Manual Analysis

Recommended Mitigation Steps

Emit event only if non-zero weight as relevant to proposal voting/cancelling.

SamusElderg commented 3 years ago

Good point; @verifyfirst should we make the event conditional or is it used anywhere when the vote is zeroed out? From memory when zeroed-out it is simply done via mappings and doesn't emit an event anyway so probably safe to conditional this one (or remove it if we aren't using it in any user-facing interface)

verifyfirst commented 3 years ago

Yep, a conditional is a good one