0xean marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-03-aragon/blob/4db573870aa4e1f40a3381cdd4ec006222e471fe/packages/contracts/src/core/dao/DAO.sol#L248
Vulnerability details
Impact
There are not enough validation checks for the isValidSignature function. The only validation check on the signature is the one for the zero address, which returns false. There should be sufficient validation checks.
Proof of Concept
https://github.com/code-423n4/2023-03-aragon/blob/4db573870aa4e1f40a3381cdd4ec006222e471fe/packages/contracts/src/core/dao/DAO.sol#L248
Tools Used
Manual Review
Recommended Mitigation Steps
Instead of what is currently implemented, it should be done the way OpenZeppelin does it here: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/83277ff916ac4f58fec072b8f28a252c1245c2f1/contracts/utils/cryptography/SignatureChecker.sol#L36
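For readers of the report, the following contract is an added example of the pattern the recommended OpenZeppelin `SignatureChecker.isValidSignatureNow` implements; it is not code from the Aragon repository or from OpenZeppelin, and the contract name `OwnerSignatureValidator`, the `owner` role and the pragma are assumptions. It assumes OpenZeppelin Contracts 4.x (the line the linked commit belongs to), where `ECDSA.tryRecover(bytes32, bytes)` returns an `(address, RecoverError)` pair. It shows the two checks a defender expects from an ERC-1271 validator: a non-reverting ECDSA recovery for EOA signers, and a `staticcall` to a contract signer whose returndata length and magic value are both verified before the signature is accepted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

import {IERC1271} from "@openzeppelin/contracts/interfaces/IERC1271.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

/// Illustrative ERC-1271 validator (added example, not Aragon's DAO.sol).
/// A signature over `hash` is accepted if either
///   (a) ECDSA recovery yields the configured `owner` (an EOA), or
///   (b) `owner` is itself a contract whose isValidSignature returns the magic value.
/// The shape of `_isValid` mirrors OpenZeppelin's SignatureChecker.isValidSignatureNow.
contract OwnerSignatureValidator is IERC1271 {
    // ERC-1271 magic value: bytes4(keccak256("isValidSignature(bytes32,bytes)")) == 0x1626ba7e
    bytes4 private constant MAGICVALUE = IERC1271.isValidSignature.selector;

    // Hypothetical single authorised signer; a real wallet would manage this via access control.
    address public immutable owner;

    constructor(address owner_) {
        // Reject the zero address up front so a misconfigured deployment cannot
        // "validate" signatures recovered from malformed inputs.
        require(owner_ != address(0), "owner is zero");
        owner = owner_;
    }

    /// ERC-1271 entry point: return the magic value on success and 0 otherwise.
    function isValidSignature(bytes32 hash, bytes memory signature)
        external
        view
        override
        returns (bytes4)
    {
        return _isValid(owner, hash, signature) ? MAGICVALUE : bytes4(0);
    }

    function _isValid(address signer, bytes32 hash, bytes memory signature)
        internal
        view
        returns (bool)
    {
        // Step 1: EOA path. tryRecover never reverts; malformed signatures
        // (wrong length, malleable high-s value, v not 27/28) surface as an error code,
        // and ecrecover's own failure (address 0) is reported as InvalidSignature.
        (address recovered, ECDSA.RecoverError err) = ECDSA.tryRecover(hash, signature);
        if (err == ECDSA.RecoverError.NoError && recovered == signer) {
            return true;
        }

        // Step 2: contract-signer path. staticcall so the signer cannot change state or
        // reenter during validation. Check the returndata length before decoding: an EOA
        // (empty returndata) or a contract returning a short/garbage payload is rejected
        // instead of being decoded as a success.
        (bool ok, bytes memory ret) = signer.staticcall(
            abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, signature)
        );
        return ok && ret.length == 32 && abi.decode(ret, (bytes32)) == bytes32(MAGICVALUE);
    }
}
```

The returndata is compared as a full `bytes32` word rather than decoded as `bytes4`, which is the same choice OpenZeppelin makes: it avoids an ABI-decoder revert on non-zero padding and makes the check an exact equality against the magic value. Whatever address a DAO forwards validation to, the trust boundary is that forwarded contract, so its implementation should enforce both steps above rather than treating any non-zero return as success.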