Missing validation allows proposals requesting transfers of 0 tokens to be accepted/proposed/executed, which can impact future Extraordinary Funding proposals due to the increasing minimum threshold.
Impact
Proposals requesting 0 token transfers can be executed.
Proof of Concept
In the given Solidity code, the _validateCallDatas function calculates the total tokensRequested for a proposal:
// @audit-issue Missing validation on tokensRequested. Proposals requesting transfers of 0 tokens may also be accepted
tokensRequested_ += SafeCast.toUint128(tokensRequested);
However, there is no check to ensure that the tokensRequested value is greater than zero. This may lead to proposals with 0 tokens requested being accepted.
If this happens on an EPM proposal, it will pass and essentially be a no-op, but will still increase the minimum threshold by 5%.
The worst case is that this no-op is executed exhaustively up to a point where the Extraordinary Proposal Mechanism is extinct.
Tools Used
Manual review
Recommended Mitigation Steps
Validate that the tokensRequested value is greater than zero with require(tokensRequested > 0, "ajna/validate-0-tokens-requested");.
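One way the recommended check could sit inside a calldata validator, as an added example that is not code from this report or from Ajna's Funding.sol. The contract name, the `token` field and the `InvalidProposal` error are assumptions made for illustration; the `require` line is the one proposed above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added example: a stand-alone validator, not Ajna's Funding.sol.
contract CallDataValidatorExample {
    // Hypothetical error name used for all structural failures.
    error InvalidProposal();

    // Selector of the ERC-20 transfer(address,uint256) function.
    bytes4 private constant TRANSFER_SELECTOR = 0xa9059cbb;

    // Hypothetical stand-in for the token that proposals may spend.
    address public immutable token;

    constructor(address token_) {
        token = token_;
    }

    function validateCallDatas(
        address[] calldata targets,
        uint256[] calldata values,
        bytes[] calldata calldatas
    ) external view returns (uint128 tokensRequested_) {
        uint256 n = targets.length;
        if (n == 0 || n != values.length || n != calldatas.length) revert InvalidProposal();

        for (uint256 i = 0; i < n; ++i) {
            // Only plain token transfers with no ETH attached are allowed.
            if (targets[i] != token || values[i] != 0) revert InvalidProposal();

            bytes calldata data = calldatas[i];
            // 4-byte selector + 32-byte recipient + 32-byte amount.
            if (data.length != 68 || bytes4(data[:4]) != TRANSFER_SELECTOR) revert InvalidProposal();

            (, uint256 tokensRequested) = abi.decode(data[4:], (address, uint256));

            // The check recommended in this report: reject zero-token transfers.
            require(tokensRequested > 0, "ajna/validate-0-tokens-requested");

            // Reject amounts that do not fit the uint128 accumulator.
            if (tokensRequested > type(uint128).max) revert InvalidProposal();
            tokensRequested_ += uint128(tokensRequested);
        }
    }
}
```

Because the check runs per calldata entry, a proposal that mixes a zero-token transfer with non-zero ones is rejected as well, not only a proposal whose total is zero.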
Lines of code
https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-grants/src/grants/base/Funding.sol#L129-L137
Assessed type
Invalid Validation