Closed code423n4 closed 1 year ago
That's the intended design.
This is a design choice - there are pros and cons to allowing it to flip back but that's not explored in this report so closing as invalid.
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L800-L802
Vulnerability details
Impact
PartyGovernance.disableEmergencyExecute() will permanently disable PartyGovernance.emergencyExecute() as there is no other means to toggle emergencyExecuteDisabled back to false. This means emergencyExecute() can never be called once
Proof of Concept
https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/party/PartyGovernance.sol#L800-L802
Tools Used
Manual review
Recommended Mitigation Steps
The logic should allow toggling the emergencyExecuteDisabled state