code-423n4 / 2021-07-spartan-findings

BondVault fails if no SPARTA in DAO #175

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

The DAO.bond function requires BASE tokens in the DAO contract. It's unclear how these tokens get there. If there are not enough tokens, the transaction will revert.

Recommended Mitigation Steps

Keep a balance of BASE in the DAO contract.

verifyfirst commented 3 years ago

DAO has to vote for a SPARTA allocation before anyone can participate in bonding.

SamusElderg commented 3 years ago

Bond is temporary & limited by design; the DApp handles the required conditional checks to only allow bonding when the user is attempting a txn that is within the available allocations held in the DAO (after the DAO proposes and successfully confirms a BOND allocation).

This will only be an issue for the end-user if they are interacting directly with the contracts (which is definitely not intended with these Sparta-specific features; users should expect risk if they are doing so) or in very edge cases where the SPARTA allocation is almost all drained and a user inputs a bond amount within the 5-10 second DApp refresh-window and is slow to confirm the txn.

So for me it is a non-issue and instead a very small UX-issue when the allocation is almost/drained.

ghoul-sol commented 3 years ago

Per sponsor comment, non-critical