Open code423n4 opened 12 months ago
The proposals are being submitted cross-chain. So it's up to the Governance to queue or not.
0xSorryNotSorry marked the issue as low quality report
The warden is actually right. Not being able to cancel queued proposals is uncomfortable at best, risky at worst. Due to the lack of proof, I'm just downgrading this to QA and leaving to the sponsor to consider it.
alcueca changed the severity to QA (Quality Assurance)
alcueca marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Governance/TemporalGovernor.sol#L27
Vulnerability details
Impact
In TemporalGovernor contract there is no available functionality for canceling a proposal
If for some reason a passed proposal needs to be cancelled it wouldn't be possible as there is no available functionality.
Proof of Concept
https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Governance/TemporalGovernor.sol#L27
Tools Used
Manual Review
Recommended Mitigation Steps
Consider implementing a functionality for canceling of propasals
Assessed type
Other