Lines of code
https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Governance.sol#L1-L315
Vulnerability details
Impact
With only ENDORSEMENT_THRESHOLD% (currently 20%) voting power, a malicious user can prevent any other proposal from being activated. While ENDORSEMENT_THRESHOLD is currently fairly high, it does not seem so high that it could not be used to hold the system hostage to extract far more funds.
Proof of Concept
Submit a dummy proposal, endorse it and then activate it. Now, no other proposal can be activated for a GRACE_PERIOD. When this time period is over, this procedure may be repeated, either immediately or just before any other proposal activation by front-running.
Tools Used
Code inspection
Recommended Mitigation Steps
Making sure ENDORSEMENT_THRESHOLD is at least 50% seems discouraging enough. Other more creative solutions should be possible. One might be to let the most endorsed proposal be activated, or to restrict who can activate a proposal; anything that at least temporarily liberates the governance system so that the attacker is dissuaded from investing in this attack method.
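To compare the suggested mitigations, the following added example (not code from Governance.sol or from the original report) models the activation rules as the finding describes them and reports when a well-endorsed proposal can be activated under each rule set. The names GovernanceModel and first_activation_day, the 7-day GRACE_PERIOD and the 55% endorsement figure are assumptions made for illustration.

```python
from dataclasses import dataclass, field

GRACE_PERIOD = 7  # days; constructed value, the finding gives no duration

@dataclass
class GovernanceModel:
    """Simplified model of the activation rules described in the finding."""
    total_votes: int = 100
    threshold_pct: int = 20           # ENDORSEMENT_THRESHOLD, "currently 20%"
    most_endorsed_only: bool = False  # models the "most endorsed proposal" idea
    endorsed: dict = field(default_factory=dict)  # proposal id -> endorsing votes
    last_activation: float = float("-inf")

    def endorse(self, proposal, votes):
        self.endorsed[proposal] = self.endorsed.get(proposal, 0) + votes

    def activate(self, proposal, now):
        votes = self.endorsed.get(proposal, 0)
        if votes * 100 < self.total_votes * self.threshold_pct:
            return False  # not enough endorsement
        if now < self.last_activation + GRACE_PERIOD:
            return False  # previous activation still inside its grace period
        if self.most_endorsed_only and votes < max(self.endorsed.values(), default=0):
            return False  # a better-endorsed proposal is waiting
        self.last_activation = now
        self.endorsed.pop(proposal, None)
        return True

def first_activation_day(days=60, **rules):
    """Day a 55%-endorsed proposal (constructed figure) gets activated while a
    20% holder activates a dummy first whenever the rules permit; None if never."""
    gov = GovernanceModel(**rules)
    gov.endorse("genuine", 55)
    for day in range(days):
        dummy = f"dummy-{day}"
        gov.endorse(dummy, 20)
        gov.activate(dummy, day)         # ordered first, as with front-running
        if gov.activate("genuine", day):
            return day
        gov.endorsed.pop(dummy, None)    # endorsement returns to the holder
    return None

if __name__ == "__main__":
    print("current rules:      ", first_activation_day())
    print("threshold at 50%:   ", first_activation_day(threshold_pct=50))
    print("most endorsed wins: ", first_activation_day(most_endorsed_only=True))
```

In this model the 55% proposal is never activated under the current rules, while either mitigation lets it through on day 0.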