code-423n4 / 2023-07-moonwell-findings


`TemporalGovernor.sol` doesn't have a `receive` function, nor any payable function, which would make `_executeProposal` with `values` impossible #284

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Governance/TemporalGovernor.sol#L400-L402

Vulnerability details

Impact

The contract TemporalGovernor.sol is used to queue and execute proposals on other chains with data and values, but that is not possible since the contract can't receive native tokens.

Proof of Concept

As you can see, the functions `executeProposal` and `fastTrackProposalExecution` are not payable:

https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Governance/TemporalGovernor.sol#L237

https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Governance/TemporalGovernor.sol#L266

The contract doesn't have any receive function, nor do the contracts that it inherits, so any time `_executeProposal` is called with any element of the `values` array greater than 0, the transaction would revert because there are no native funds in the contract to be transferred.

Tools Used

Manual review

Recommended Mitigation Steps

Implement a receive function or set any function in the contract payable to be able to receive native tokens.

Assessed type

ETH-Transfer
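The failure mode reported above and the recommended mitigation, side by side, as an added example that is not part of the original issue or of the Moonwell code base. It is a simplified model: the contract and function names (`ExecutorBase`, `GovernorUnfunded`, `GovernorFunded`, `execute`, `_execute`) are hypothetical and the proposal queueing and verification logic is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model, not the project's contract. All names are hypothetical.
abstract contract ExecutorBase {
    function _execute(
        address[] calldata targets,
        uint256[] calldata values,
        bytes[] calldata payloads
    ) internal {
        require(
            targets.length == values.length && targets.length == payloads.length,
            "length mismatch"
        );
        for (uint256 i = 0; i < targets.length; i++) {
            // A low-level call whose value exceeds this contract's balance
            // returns ok == false, so the whole batch reverts here.
            (bool ok, ) = targets[i].call{value: values[i]}(payloads[i]);
            require(ok, "call failed");
        }
    }
}

// Before: non-payable entry point and no receive(). An ordinary transfer to
// this contract reverts, so a batch with any values[i] > 0 cannot succeed.
contract GovernorUnfunded is ExecutorBase {
    function execute(
        address[] calldata targets,
        uint256[] calldata values,
        bytes[] calldata payloads
    ) external {
        _execute(targets, values, payloads);
    }
}

// After: both mitigations from the report. receive() lets the contract be
// funded ahead of time; payable execute() lets the caller attach the value.
contract GovernorFunded is ExecutorBase {
    receive() external payable {}

    function execute(
        address[] calldata targets,
        uint256[] calldata values,
        bytes[] calldata payloads
    ) external payable {
        _execute(targets, values, payloads);
    }
}
```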

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as duplicate of #268

c4-judge commented 1 year ago

alcueca marked the issue as satisfactory

c4-judge commented 1 year ago

alcueca marked the issue as partial-50