code-423n4 / 2022-08-nounsdao-findings


the `proposal.proposer` cannot be the `admin` #280

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOLogicV2.sol#L351
https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOExecutor.sol#L134

Vulnerability details

Impact

The user who creates a proposal is not the admin.

Proof of Concept

In NounsDAOLogicV2.sol the function cancel() has a require(msg.sender == proposal.proposer || … and it invokes cancelTransaction() on NounsDAOExecutor.sol, which has another check, require(msg.sender == admin, …; the same thing applies to veto().
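As an added illustration, not code from the finding or from the Nouns DAO repository: a small Python model of the two checks this comment describes, showing which address each require() actually sees when cancel() on the governor calls cancelTransaction() on the executor. It assumes the usual governor/timelock wiring in which the executor's admin is the governor contract's own address; the addresses below are constructed placeholders.

```python
# Added example (not code from the finding or from the Nouns DAO repository):
# a minimal model of the governor.cancel() -> executor.cancelTransaction()
# call chain. In the EVM, when one contract calls another, msg.sender inside
# the callee is the calling contract's address, not the account that sent the
# outer transaction. This model passes msg_sender explicitly to make that visible.
#
# Assumptions (constructed for this example): the governor is deployed at
# GOVERNOR_ADDR and the proposer is the externally owned account PROPOSER_ADDR.

from dataclasses import dataclass

GOVERNOR_ADDR = "0xGOVERNOR"   # constructed placeholder address
PROPOSER_ADDR = "0xPROPOSER"   # constructed placeholder address


@dataclass
class Proposal:
    proposer: str
    canceled: bool = False


class Executor:
    """Models the timelock side: cancelTransaction() requires msg.sender == admin."""

    def __init__(self, admin: str) -> None:
        self.admin = admin

    def cancel_transaction(self, msg_sender: str, tx_hash: str) -> None:
        # Equivalent of require(msg.sender == admin, ...)
        if msg_sender != self.admin:
            raise PermissionError("Executor: caller is not admin")
        # A real timelock would clear the queued hash here; nothing to do in the model.


class Governor:
    """Models the governor side: cancel() checks the proposer, then calls the executor."""

    def __init__(self, address: str, executor: Executor) -> None:
        self.address = address
        self.executor = executor
        self.proposals = {}  # proposal id -> Proposal

    def propose(self, msg_sender: str) -> int:
        proposal_id = len(self.proposals) + 1
        self.proposals[proposal_id] = Proposal(proposer=msg_sender)
        return proposal_id

    def cancel(self, msg_sender: str, proposal_id: int) -> None:
        proposal = self.proposals[proposal_id]
        # Equivalent of require(msg.sender == proposal.proposer || ...)
        if msg_sender != proposal.proposer:
            raise PermissionError("Governor: caller is not proposer")
        # The governor makes the inner call, so the executor's admin check is
        # evaluated against GOVERNOR_ADDR, never against the proposer's account.
        self.executor.cancel_transaction(self.address, f"tx-{proposal_id}")
        proposal.canceled = True


def cancel_via_governor(executor_admin: str, caller: str = PROPOSER_ADDR) -> str:
    """Run a cancel through the governor; return 'canceled' or the revert reason.

    executor_admin controls how the executor is wired: set it to GOVERNOR_ADDR
    for the expected deployment, or to anything else to see the inner check fail.
    """
    executor = Executor(admin=executor_admin)
    governor = Governor(GOVERNOR_ADDR, executor)
    proposal_id = governor.propose(PROPOSER_ADDR)
    try:
        governor.cancel(caller, proposal_id)
    except PermissionError as exc:
        return str(exc)
    return "canceled"


def cancel_directly_on_executor() -> str:
    """The proposer skips the governor and calls the executor itself."""
    executor = Executor(admin=GOVERNOR_ADDR)
    try:
        executor.cancel_transaction(PROPOSER_ADDR, "tx-1")
    except PermissionError as exc:
        return str(exc)
    return "canceled"


if __name__ == "__main__":
    print("proposer via governor, admin = governor:", cancel_via_governor(GOVERNOR_ADDR))
    print("proposer via governor, admin = other:   ", cancel_via_governor("0xSOMEONE_ELSE"))
    print("stranger via governor:                  ", cancel_via_governor(GOVERNOR_ADDR, "0xSTRANGER"))
    print("proposer directly on executor:          ", cancel_directly_on_executor())
```

The model separates the two checks so a reviewer can see which one each call path hits: the outer proposer check is evaluated against the account sending the transaction, while the inner admin check is evaluated against the governor contract making the nested call. Only a direct call to the executor, or an executor whose admin is not the governor, is stopped by the admin check.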

davidbrai commented 2 years ago

Duplicate of #283