search

code-423n4 / 2022-08-nounsdao-findings

2 stars 0 forks source link

in V2 Struct Proposal adds new params - totalSupply & creationBlock. So items in struct can overlap, as the struct consumes more slots. #348

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-08-nounsdao/blob/45411325ec14c6d747b999a40367d3c5109b5a89/contracts/governance/NounsDAOInterfaces.sol#L238-L242 https://github.com/code-423n4/2022-08-nounsdao/blob/45411325ec14c6d747b999a40367d3c5109b5a89/contracts/governance/NounsDAOInterfaces.sol#L311-L315

Vulnerability details

Impact

Possible slot overlapping. Reference: https://ethereum.stackexchange.com/questions/112386/is-it-safe-to-append-a-variable-in-array-of-structure-during-upgrade-the-contrac

Proof of Concept

additing new Proposal structs

Tools Used

Visual Studio

Recommended Mitigation Steps

Append new variables that will manage this totalSupply/CreationBlock info stored.

davidbrai commented 2 years ago

to our best understanding, there is no slot collision in the upgrade. the issue provides no evidence that there is