Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOProxyV2.sol#L74
Setting the admin to address(0) will block the whole "only-admin" functionallity
address(0)
_setImplementation
_setVotingDelay
_setVotingPeriod
_setProposalThresholdBPS
_setMinQuorumVotesBPS
_setMaxQuorumVotesBPS
_setQuorumCoefficient
_setDynamicQuorumParams
_withdraw
_setPendingAdmin
VSCode, Slither
Consider safety-checking if (admin_ == address(0)) in NounsDAOProxyV2.constructor
if (admin_ == address(0))
While this is true, I think this is a non critical issue.
Lines of code
https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOProxyV2.sol#L74
Vulnerability details
Impact
Setting the admin to
address(0)
will block the whole "only-admin" functionallity_setImplementation
_setVotingDelay
_setVotingPeriod
_setProposalThresholdBPS
_setMinQuorumVotesBPS
_setMaxQuorumVotesBPS
_setQuorumCoefficient
_setDynamicQuorumParams
_withdraw
_setPendingAdmin
)Proof of Concept
https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOProxyV2.sol#L74
Tools Used
VSCode, Slither
Recommended Mitigation Steps
Consider safety-checking
if (admin_ == address(0))
in NounsDAOProxyV2.constructor