search

code-423n4 / 2022-08-olympus-findings

5 stars 4 forks source link

[NAZ-M2] Centralization Risk with `"voter_admin"` Has The Ability To `mintTo/BurnFrom` Any Arbitrary Amount of `VOTES` #442

Closed code423n4 closed 1 year ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-08-olympus/blob/main/src/policies/VoterRegistration.sol#L45 https://github.com/code-423n4/2022-08-olympus/blob/main/src/policies/VoterRegistration.sol#L53

Vulnerability details

Impact

"voter_admin" has the ability to mint/burn any arbitrary amount of VOTES. Creating a centralization risk that allows "voter_admin" to pass or veto any proposal.

Proof of Concept

  1. Alice submits a proposal that benefits the users at an expense of Mallory's dev team (owners of multisig wallet).
  2. Mallory's dev team sees that the proposal has passed endorsing and is going into active voting.
  3. They don't like Alice's proposal and decide to issueVotesTo() to an arbitrary wallet and then vote no on the proposal. a. Could also issue set number of votes to arbitrary wallet so that Alice's proposal doesn't pass the 20% of totalSupply() check to be voted on.

Tools Used

Manual Review

Recommended Mitigation Steps

I don't really see any good fixes for this so, consider documenting this so that users can know.

0xLienid commented 2 years ago

Permissioned wallets having access to permission-gated functions is intended functionality.

0xean commented 1 year ago

dupe of #380