Open code423n4 opened 12 months ago
This seems a bit inflated since it's the nature of proposal life cycles;
0xSorryNotSorry marked the issue as low quality report
Still, to check the return value on the proposal so that a failed proposal reverts is valid QA. Much better than the proposal failing silently.
alcueca changed the severity to QA (Quality Assurance)
alcueca marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Governance/TemporalGovernor.sol#L400-L402
Vulnerability details
Description
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Governance/TemporalGovernor.sol#L400-L402
According to
mip00.sol
, which shows the setup for the contracts,TemporalGovernor
is going to beadmin
of the Compound contracts:Comptroller/Unitroller
The issue is that admin calls on these contracts don't revert, they return a failure code,
_setCollateralFactor
as an example:https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Comptroller.sol#L707-L740
If a call from
TemporalGovernor
has any errors it might fail silently as the return code is not checked.Impact
Important governance tasks can fail silently. Since anyone can execute them and the event emitted will signal success it might take time before governance realize that the intended changes were not made.
Some hints to the failure are given, the
Failure
event emitted by the failure check and the lack of events emitted on state changes on appropriate contracts and one could investigate the internal call chain of the transaction that performed theexecuteProposal
.All these require great extra care that might not be given since anyone can call
executeProposal
Proof of Concept
Test in
TemporalGovernorExec.t.sol
:Mocktroller
:Tools Used
Manual audit
Recommended Mitigation Steps
Consider adding a
expectedReturnValue
to thepayload
passed with theVAA
. If passed, this can then be checked in_executeProposal
against the return value of thecall
Assessed type
call/delegatecall