[M-00] dynamicQuorumVotes() can be calcualted incorrectly
Problem
Incorrect values of params.quorumCoefficient impact dynamic quorum votes calculation.
When quorumCoefficient is set there is no sanity checking if this value is correct, which is >= 1e6 and < 1e7
if quorumCoefficient is low enough it can result in quorumAdjustmentBPS to become zero
if quorumCoefficient is high enough, the quorumBPS will always be equal params.maxQuorumVotesBPS and always ignore adjustedQuorumBPS
Mitigation
Add sanity check in _setQuorumCoefficient(uint32 newQuorumCoefficient):
if (newQuorumCoefficient >= 1e7 || newQuorumCoefficient < 1e6) revert IncorrectQuorumCoefficient()
Lines of code
https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOLogicV2.sol#L909-L912
Vulnerability details
[M-00]
dynamicQuorumVotes()
can be calcualted incorrectlyProblem
Incorrect values of
params.quorumCoefficient
impact dynamic quorum votes calculation. WhenquorumCoefficient
is set there is no sanity checking if this value is correct, which is >= 1e6 and < 1e7Proof of Concept
if
quorumCoefficient
is low enough it can result inquorumAdjustmentBPS
to become zero ifquorumCoefficient
is high enough, thequorumBPS
will always be equalparams.maxQuorumVotesBPS
and always ignoreadjustedQuorumBPS
Mitigation
Add sanity check in
_setQuorumCoefficient(uint32 newQuorumCoefficient)
:if (newQuorumCoefficient >= 1e7 || newQuorumCoefficient < 1e6) revert IncorrectQuorumCoefficient()