code423n4 commented 1 year ago

Lines of code

https://github.com/nounsDAO/nouns-monorepo/blob/718211e063d511eeda1084710f6a682955e80dcb/packages/nouns-contracts/contracts/governance/NounsDAOExecutor.sol#L173

Vulnerability details

Impact

All transactions with Ether to the NounsDAOExecutor::executeTransaction() function will fail because it does not have the payable keyword.

Proof of Concept

The executeTransaction() function of the NounsDAOExecutor contract does not have the payable keyword so every transaction with Ether to the function will fail.

The executeTransaction() has call value without a payable keyword.

function executeTransaction(address target, uint256 value, string memory signature, bytes memory data, uint256 eta)
        public
        returns (bytes memory)
    {

        ....//omitted code.
        //@audit not payable
        // solium-disable-next-line security/no-call-value
        (bool success, bytes memory returnData) = target.call{value: value}(callData); 
       //@audit no msg.value validation
        require(success, "NounsDAOExecutor::executeTransaction: Transaction execution reverted.");

        emit ExecuteTransaction(txHash, target, value, signature, data, eta);

        return returnData;
    }

Tools Used

Manual Review

Recommended Mitigation Steps

Consider adding the payable keyword to the executeTransaction() function.

Assessed type

Payable

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as primary issue

eladmallel commented 1 year ago

Wrong analysis, our executor holds any ETH we need for proposal execution. We haven't needed execute functions to be payable to date, after ~2 years of successful operation.

c4-sponsor commented 1 year ago

eladmallel marked the issue as sponsor disputed

c4-judge commented 1 year ago

gzeon-c4 marked the issue as unsatisfactory: Invalid

code-423n4 / 2023-07-nounsdao-findings

All transactions with Ether to NounsDAOExecutor::executeTransaction() function will fail. #228