Closed code423n4 closed 1 year ago
Believe this to be working as intended, with a version and a build number. Will leave open for sponsor comment to confirm.
The documentation is wrong here. It should have stated that for the first version, the release number is 1 and build number is 1 (v1.1). So this can be downgraded to a QA finding that we will acknowledge.
novaknole20 marked the issue as sponsor disputed
novaknole20 requested judge review
novaknole20 marked the issue as disagree with severity
0xean changed the severity to QA (Quality Assurance)
Warden fails to demonstrate impact required for this to be considered M and based on sponsor comment, this appears to just be a documentation issue. Downgrading to QA.
0xean marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2023-03-aragon/blob/main/packages/contracts/src/framework/plugin/repo/PluginRepo.sol#L165
Vulnerability details
Impact
When the PluginRepo contract is deployed the first version created should be 1.0 but due to an error in the code it will be 1.1 which can impact the protocol working.
Proof of Concept
The first version created of a given PluginRepo should always be equal to 1.0 as it is stated in the docs, but due to an error in the createVersion function the actual first version will be 1.1.
The error occurs in the line below:
File: PluginRepo.sol Line 165
As you can see the code first increments the buildsPerRelease value then assigns the final value to the variable build which is used to create the version value as it can be seen:
So when the first version is created the variable buildsPerRelease[_release] will be equal to 0 (by default) and thus after the pre-incrementation the value of build will be equal to 1, in consequence the first version created will be 1.1 instead of 1.0.
This can affect the protocol working as the DAO relies on specific versions of a given plugin in its logic and an error in the version can potentially lead to the execution of wrong functionalities or to a bad behaviour of the DAO.
Tools Used
Manual review
Recommended Mitigation Steps
To remove this issue the value of buildsPerRelease[_release] should be incremented after assigning its old value to the build variable, thus the line 165 should be replaced by the following: