code-423n4 / 2022-08-nounsdao-findings

`writeQuorumParamsCheckpoint()` and `getDynamicQuorumParamsAt()` at some point will be out of the work (`NounsDAOLogicV2.sol` will Queued) #282

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOLogicV2.sol#L923

https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOLogicV2.sol#L965

Vulnerability details

Impact

`_writeQuorumParamsCheckpoint()` and `getDynamicQuorumParamsAt()` will stop working at some point. Ethereum block numbers have no limit.

Proof of Concept

The max of uint32 is 4294967295, so at this block number these functions will stop working. At the same block number no one will be able to use this contract successfully, because `state()` invokes `quorumVotes()`, which calls `getDynamicQuorumParamsAt()`. No one will be able to check whether the ProposalState is Defeated, Succeeded, Executed, Expired or Queued.

Recommended Mitigation Steps

Use uint256 to expand the time more

davidbrai commented 2 years ago

4294967295 (max) - 15434938 (current block) = 4279532357

4279532357 \* 12 seconds = ~1600 years

While true, I think this is a very low concern.