"voter_admin" has the ability to mint/burn any arbitrary amount of VOTES. Creating a centralization risk that allows "voter_admin" to pass or veto any proposal.
Proof of Concept
1. Alice submits a proposal that benefits the users at the expense of Mallory's dev team (owners of the multisig wallet).
2. Mallory's dev team sees that the proposal has passed endorsement and is going into active voting.
3. They don't like Alice's proposal and decide to call issueVotesTo() for an arbitrary wallet and then vote no on the proposal.
   a. They could also issue a set number of votes to an arbitrary wallet so that Alice's proposal doesn't pass the 20% of totalSupply() check required to be voted on.
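The two paths in the proof of concept, as an added model that is not part of the original finding or of the Olympus code base: a minimal VOTES token with an uncapped admin mint, the 20%-of-totalSupply endorsement check evaluated against live supply, and a defender-side drift check that flags supply changes while a proposal is pending. All names (VotesToken, Proposal, issue_votes_to, supply_drift) and balances are constructed for the model.

```python
from dataclasses import dataclass, field

ENDORSEMENT_BPS = 2000  # the 20%-of-totalSupply endorsement check, in basis points

@dataclass
class VotesToken:
    balances: dict = field(default_factory=dict)

    def total_supply(self) -> int:
        return sum(self.balances.values())

    def issue_votes_to(self, wallet: str, amount: int) -> None:
        # Models the voter_admin mint in the finding: no cap, no timelock.
        self.balances[wallet] = self.balances.get(wallet, 0) + amount

@dataclass
class Proposal:
    supply_at_submission: int  # snapshot taken when filed (assumed, for the drift check)
    endorsements: dict = field(default_factory=dict)
    yes: int = 0
    no: int = 0

def endorsement_threshold(total_supply: int) -> int:
    return total_supply * ENDORSEMENT_BPS // 10_000

def can_activate(p: Proposal, token: VotesToken) -> bool:
    # Checked against the live totalSupply(), so a later mint raises the bar.
    return sum(p.endorsements.values()) >= endorsement_threshold(token.total_supply())

def passes(p: Proposal) -> bool:
    return p.yes > p.no

def supply_drift(p: Proposal, token: VotesToken) -> int:
    # Defender-side check: VOTES supply changing while a proposal is pending can
    # only be caused by voter_admin, so a non-zero drift is worth alerting on.
    return token.total_supply() - p.supply_at_submission

def dilution_scenario() -> tuple:
    token = VotesToken({"alice": 25, "bob": 75})  # constructed balances, supply 100
    p = Proposal(supply_at_submission=token.total_supply(), endorsements={"alice": 25})
    before = can_activate(p, token)               # 25 >= 20 -> True
    token.issue_votes_to("arbitrary_wallet", 50)  # supply 150, threshold now 30
    return before, can_activate(p, token), supply_drift(p, token)

def veto_scenario() -> tuple:
    token = VotesToken({"alice": 25, "bob": 75})
    p = Proposal(supply_at_submission=token.total_supply(), yes=60, no=10)
    before = passes(p)                             # True
    token.issue_votes_to("arbitrary_wallet", 100)  # minted mid-vote, then voted "no"
    p.no += 100
    return before, passes(p), supply_drift(p, token)
```

Both scenarios flip the outcome without any change to the honest voters' balances, and in both the drift check reports exactly the minted amount.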
Tools Used
Manual Review
Recommended Mitigation Steps
I don't really see any good fixes for this, so consider documenting it so that users are aware.
Lines of code
https://github.com/code-423n4/2022-08-olympus/blob/main/src/policies/VoterRegistration.sol#L45
https://github.com/code-423n4/2022-08-olympus/blob/main/src/policies/VoterRegistration.sol#L53