0xSorryNotSorry
commented
11 months ago The proposals are being submitted cross-chain. So it's up to the Governance to queue or not.
Open code423n4 opened 12 months ago
0xSorryNotSorry
commented
11 months ago The proposals are being submitted cross-chain. So it's up to the Governance to queue or not.
c4-pre-sort
commented
11 months ago 0xSorryNotSorry marked the issue as low quality report
alcueca
commented
11 months ago The warden is actually right. Not being able to cancel queued proposals is uncomfortable at best, risky at worst. Due to the lack of proof, I'm just downgrading this to QA and leaving to the sponsor to consider it.
c4-judge
commented
11 months ago alcueca changed the severity to QA (Quality Assurance)
c4-judge
commented
11 months ago alcueca marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Governance/TemporalGovernor.sol#L27
Vulnerability details
Impact
In TemporalGovernor contract there is no available functionality for canceling a proposal
If for some reason a passed proposal needs to be cancelled it wouldn't be possible as there is no available functionality.
Proof of Concept
https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Governance/TemporalGovernor.sol#L27
Tools Used
Manual Review
Recommended Mitigation Steps
Consider implementing a functionality for canceling of propasals
Assessed type
Other