Closed code423n4 closed 1 year ago
Technically correct but insignificant; the Voter Registration is just for testing purposes and real votes won't utilize this mechanic.
Going to mark this as a rough dupe of #275 - I don't think the "front running" makes this special in any way and really comes down to the same root issue. Votes that are revoked still count.
Closer dupe to #308
Lines of code
https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/VoterRegistration.sol#L53-L56
https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Governance.sol#L259
Vulnerability details
Impact
One can avoid having their votes revoked.
Proof of Concept
Let's assume there is a running vote. If a user is about to have their votes revoked by VoteRegistration::revokeVotesFrom, they can call Governance::vote with a high gas fee to avoid having their votes taken away, by front-running the revokeVotesFrom.

The Governance::vote will transfer the votes from the user to the governance contract. Therefore, after the vote, the user does not have any votes in their address. So, the VoteRegistration::revokeVotesFrom will revert and no votes are revoked.

To be really sure, the user can keep their votes always in the Governance contract by voting, and reclaim only before the next vote. This way, the user will have the voting power, but they will always be safe from any revokes.
Tools Used
none
Recommended Mitigation Steps
If the votes should be transferred to the governance after the vote, the revoke function should also decrease those votes.
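
The accounting gap and the recommended mitigation can be checked with a small model. This is an added example, not code from the report or from the Olympus contracts: the `VoteLedger` class, its method names, and the assumption that a revoke of escrowed votes also lowers the proposal tally are all hypothetical simplifications.

```python
class InsufficientVotes(Exception):
    """Stands in for the on-chain revert when a burn exceeds the balance."""

class VoteLedger:
    """Hypothetical model: wallet balances plus votes escrowed by voting."""
    def __init__(self):
        self.balance = {}    # votes held at the user's own address
        self.escrowed = {}   # votes transferred to governance by vote()
        self.yes_votes = 0   # tally of the running proposal

    def issue(self, user, amount):
        self.balance[user] = self.balance.get(user, 0) + amount

    def vote(self, user):
        # Voting moves the user's whole balance into the governance contract.
        amount = self.balance.get(user, 0)
        self.balance[user] = 0
        self.escrowed[user] = self.escrowed.get(user, 0) + amount
        self.yes_votes += amount

    def revoke_naive(self, user, amount):
        # Behaviour described in the report: only the wallet balance is
        # considered, so a user who has already voted makes this revert.
        if self.balance.get(user, 0) < amount:
            raise InsufficientVotes(user)
        self.balance[user] -= amount

    def revoke_with_escrow(self, user, amount):
        # Recommended mitigation: also decrease votes held by governance.
        held = self.balance.get(user, 0)
        locked = self.escrowed.get(user, 0)
        if held + locked < amount:
            raise InsufficientVotes(user)
        from_wallet = min(held, amount)
        from_escrow = amount - from_wallet
        self.balance[user] = held - from_wallet
        self.escrowed[user] = locked - from_escrow
        self.yes_votes -= from_escrow  # assumption: revoked votes stop counting

def scenario(revoke_name):
    """Constructed case: the vote is ordered before the revoke of 100 votes."""
    ledger = VoteLedger()
    ledger.issue("alice", 100)
    ledger.vote("alice")
    try:
        getattr(ledger, revoke_name)("alice", 100)
        reverted = False
    except InsufficientVotes:
        reverted = True
    return reverted, ledger.yes_votes
```

`scenario("revoke_naive")` reverts and leaves the tally at 100, while `scenario("revoke_with_escrow")` succeeds and brings it to 0.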