/// @dev This is currently a substitute module that stubs gOHM.
means that the VOTES module is temporary and will be replaced by a form of governance token (could be staked gOHM for example). One must be sure before upgrading that the new token does not present a transfer function nor any mechanism or bypass that effectively allows to transfer tokens in between addresses. If the contrary is true, it would lead to a double endorsing issue (possibility to call OlympusGovernance.endorseProposal() a second time after getting the same tokens to a different address). Note that a bypass that allows transfer of tokens without delay could be used by an attacker to get unlimited endorsement power and execute a DoS on the governance by frontrunning calls to activateProposal() with a self-endorsed proposal.
[L-02]: Voting temporarily reduces endorsing power
When calling vote() on the governance, VOTES token are transfered temporarily to the governance contract (Governance.sol#L259), so one must wait before being able to endorse a proposal again.
[L-03]: Missing events for critical changes in system parameters
Change of critical system parameters should come with an event emission to allow for monitoring of potentially dangerous or malicious changes. Occurrencies of this issue are Kernel.sol#L77, Kernel.sol#L127, BondCallback.sol#L190
[L-04]: executor can become also admin
At Kernel.sol#L253 the executor is allowed to become also admin of the Kernel. Consider checking that the admin set is not the executor (and vice versa at Kernel.sol#L251) to avoid full centralization of the system.
[L-05]: Open TODOs
Open TODOs can point to architecture or programming issues that still need to be resolved. Occurrencies at TreasuryCustodian.sol#L51-L56, Operator.sol#L657. All issues raised in TODOs should be addressed before deployment.
[NC-03]: Use custom error when netVotes should underflow
In QA.md#L82 check that yesVotesForProposal[activeProposal.proposalId] > noVotesForProposal[activeProposal.proposalId] before subtracting and revert with custom error NotEnoughVotesToExecute if not. This avoids to have a Panic error due to underflow in case netVotes should underflow.
[L-01]: Upgrades to
VOTESmodule can lead to governance vulnerabilitiesThe comment in VOTES.sol#L10:
means that the
VOTESmodule is temporary and will be replaced by a form of governance token (could be staked gOHM for example). One must be sure before upgrading that the new token does not present atransferfunction nor any mechanism or bypass that effectively allows to transfer tokens in between addresses. If the contrary is true, it would lead to a double endorsing issue (possibility to callOlympusGovernance.endorseProposal()a second time after getting the same tokens to a different address). Note that a bypass that allows transfer of tokens without delay could be used by an attacker to get unlimited endorsement power and execute a DoS on the governance by frontrunning calls toactivateProposal()with a self-endorsed proposal.[L-02]: Voting temporarily reduces endorsing power
When calling
vote()on the governance,VOTEStoken are transfered temporarily to the governance contract (Governance.sol#L259), so one must wait before being able to endorse a proposal again.[L-03]: Missing events for critical changes in system parameters
Change of critical system parameters should come with an event emission to allow for monitoring of potentially dangerous or malicious changes. Occurrencies of this issue are Kernel.sol#L77, Kernel.sol#L127, BondCallback.sol#L190
[L-04]:
executorcan become alsoadminAt Kernel.sol#L253 the
executoris allowed to become alsoadminof theKernel. Consider checking that theadminset is not theexecutor(and vice versa at Kernel.sol#L251) to avoid full centralization of the system.[L-05]: Open
TODOsOpen TODOs can point to architecture or programming issues that still need to be resolved. Occurrencies at TreasuryCustodian.sol#L51-L56, Operator.sol#L657. All issues raised in TODOs should be addressed before deployment.
[NC-01]: Missing/Incomplete/Incorrect Natspec comments:
missing Natspec comments for public / external functions:
missing Natspec comments for public getters:
missing function parameters:
missing function return values
incorrect comments:
Mapping of keycode to module addressMapping of keycode to module addressPolicyandKeycodeshould be invertedConsider adding missing Natspec comments according to the relevant section in the solidity docs.
[NC-02]: Redundant code:
At Governance.sol#L223 and Governance.sol#L306 use of
bool == trueis equivalent to justbool.[NC-03]: Use custom error when
netVotesshould underflowIn QA.md#L82 check that
yesVotesForProposal[activeProposal.proposalId] > noVotesForProposal[activeProposal.proposalId]before subtracting and revert with custom errorNotEnoughVotesToExecuteif not. This avoids to have a Panic error due to underflow in casenetVotesshould underflow.