The function _executeProposal in TemporalGovernor contract will fail, if there is a value to send with the call to the targets
_executeProposal function could send native token out along with a call to the targets encoded in vm.payload, but the current implementation has no recieve function in place to receive any native tokens
This will make the function unusable when a value is to be sent along with the call, as all subsequent calls with not enough native token balance in the contract will revert this calls
function _executeProposal(bytes memory VAA, bool overrideDelay) private {
#############
for (uint256 i = 0; i < targets.length; i++) {
address target = targets[i];
uint256 value = values[i];
bytes memory data = calldatas[i];
// Go make our call, and if it is not successful revert with the error bubbling up
(bool success, bytes memory returnData) = target.call{value: value}(
data
);
/// revert on failure with error message if any
require(success, string(returnData));
emit ExecutedTransaction(target, value, data);
}
}
I Recommend adding a receive function to receive native tokens, the receive function can then be restricted to accept tokens from only trusted addresses
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Governance/TemporalGovernor.sol#L344
Vulnerability details
Impact
The function _executeProposal in TemporalGovernor contract will fail, if there is a value to send with the call to the targets
_executeProposal function could send native token out along with a call to the targets encoded in vm.payload, but the current implementation has no recieve function in place to receive any native tokens
This will make the function unusable when a value is to be sent along with the call, as all subsequent calls with not enough native token balance in the contract will revert this calls
Proof of Concept
https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Governance/TemporalGovernor.sol#L344
Tools Used
Manual Review
Recommended Mitigation Steps
I Recommend adding a receive function to receive native tokens, the receive function can then be restricted to accept tokens from only trusted addresses
Assessed type
call/delegatecall