code-423n4 / 2022-08-olympus-findings


Governance wrong vote #428

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Governance.sol#L240

https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Governance.sol#L231

Vulnerability details

Description

There is a function vote in the OlympusGovernance smart contract. This function must accept a vote for or against a proposal. But it is possible that someone will vote not for the proposal he expected: it is possible to activate another proposal using logic from the activateProposal function while the voting transaction has not yet been added to a block of the chain. This is very similar to front-running a transaction: an attacker can send a transaction calling the activateProposal function with a higher gas price than was chosen by the voter for his transaction.

Impact

The voter votes for a proposal that he doesn't expect instead of the proposal that is active at the moment of sending the transaction.

Recommended Mitigation Steps

Add one more input parameter to the vote function: vote(bool for_, uint256 proposalId_). Then you can add an additional check to the vote function that prevents such an attack scenario: require(proposalId_ == activeProposal.proposalId).
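
Added illustration, not part of the original report and not the Olympus source: a simplified Solidity model that puts the reported vote shape next to the recommended one. Only vote, activateProposal and activeProposal.proposalId come from the report; the contract name, tally mappings, custom errors and the use of id 0 as "none" are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Simplified model for illustration, NOT the Olympus Governance.sol source.
// Vote weighting, endorsement thresholds and timelocks are left out.
contract GovernanceVoteModel {
    struct ActivatedProposal {
        uint256 proposalId;
        uint256 activationTimestamp;
    }

    ActivatedProposal public activeProposal;
    mapping(uint256 => uint256) public yesVotes; // hypothetical tally storage
    mapping(uint256 => uint256) public noVotes;
    mapping(uint256 => mapping(address => bool)) public hasVoted;

    error NoActiveProposal();
    error AlreadyVoted();
    error NotActiveProposal(uint256 expected, uint256 active);

    // Replaces the active proposal; any pending vote now targets the new one.
    function activateProposal(uint256 proposalId_) external {
        activeProposal = ActivatedProposal(proposalId_, block.timestamp);
    }

    // Reported shape: the target is read from storage at execution time, so a
    // vote signed while proposal A was active is counted for B if an
    // activateProposal(B) transaction is ordered ahead of it.
    function vote(bool for_) external {
        _castVote(activeProposal.proposalId, for_);
    }

    // Recommended shape: the voter commits to a proposal id in calldata and
    // the call reverts if that id is no longer the active one.
    function vote(bool for_, uint256 proposalId_) external {
        uint256 active = activeProposal.proposalId;
        if (proposalId_ != active) revert NotActiveProposal(proposalId_, active);
        _castVote(active, for_);
    }

    // Model assumption: id 0 means "no proposal is active".
    function _castVote(uint256 id_, bool for_) internal {
        if (id_ == 0) revert NoActiveProposal();
        if (hasVoted[id_][msg.sender]) revert AlreadyVoted();
        hasVoted[id_][msg.sender] = true;
        if (for_) yesVotes[id_] += 1;
        else noVotes[id_] += 1;
    }
}
```

With the two-argument form, a vote that is reordered behind an activation reverts with NotActiveProposal instead of being tallied, so the voter can resubmit against the proposal they actually intend.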

bahurum commented 2 years ago

Duplicate of #273

fullyallocated commented 2 years ago

Duplicate of #85

0xean commented 2 years ago

closing as dupe of #273