The OlympusGovernance.executeProposal() function makes an external call to the kernel contract before updating the state variable activeProposal. This does not follow the checks-effects-interactions (CEI) pattern and may allow the function to be re-entered so that the proposal is executed multiple times before it is deactivated.
Lines of code
https://github.com/code-423n4/2022-08-olympus/blob/main/src/policies/Governance.sol#L279
Vulnerability details
Impact
The OlympusGovernance.executeProposal() function makes an external call to the kernel contract before updating the state variable activeProposal. This does not follow the checks-effects-interactions (CEI) pattern and may allow the function to be re-entered so that the proposal is executed multiple times before it is deactivated.
Proof of Concept
https://github.com/code-423n4/2022-08-olympus/blob/main/src/policies/Governance.sol#L279
Tools Used
Manual review
Recommended Mitigation Steps
A non-reentrant modifier or mutex may be necessary. Alternatively, the checks-effects-interactions pattern should be followed: clear activeProposal before making the external call to the kernel.
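The ordering problem and the two mitigations side by side, as an added illustration that is not the project's Governance.sol (the IKernel interface, storage layout and function bodies are simplified assumptions):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed, simplified kernel interface for illustration only.
interface IKernel {
    function executeAction(uint256 proposalId) external;
}

contract GovernanceBefore {
    IKernel public kernel;
    uint256 public activeProposal; // non-zero while a proposal is live

    // Vulnerable ordering: the external call happens before activeProposal
    // is cleared, so a call that re-enters during kernel.executeAction()
    // still passes the check and executes the same proposal again.
    function executeProposal() external {
        uint256 id = activeProposal;   // check
        require(id != 0, "no active proposal");
        kernel.executeAction(id);      // interaction
        activeProposal = 0;            // effect (too late)
    }
}

contract GovernanceAfter {
    IKernel public kernel;
    uint256 public activeProposal;
    uint256 private _locked = 1;       // simple mutex

    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    // Checks-effects-interactions: deactivate the proposal first, then
    // call out. The mutex is an independent second guard; either one
    // alone is sufficient to stop the re-execution.
    function executeProposal() external nonReentrant {
        uint256 id = activeProposal;   // check
        require(id != 0, "no active proposal");
        activeProposal = 0;            // effect
        kernel.executeAction(id);      // interaction
    }
}
```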