Votes can be cast even if the proposal state is not "Active"

[code423n4]

Lines of code

https://github.com/nounsDAO/nouns-monorepo/blob/718211e063d511eeda1084710f6a682955e80dcb/packages/nouns-contracts/contracts/governance/NounsDAOLogicV1.sol#L450-L451

Vulnerability details

Impact

Votes can be cast on proposals that are not currently open for voting, which can lead to unexpected behavior and potential manipulation of the voting process. By allowing votes to be cast on inactive proposals, it undermines the intended functionality of the DAO by potentially allowing votes to be counted on proposals that should no longer be eligible for voting. This can lead to incorrect vote tallies and compromise the integrity of the voting system.

Proof of Concept

The castVote function does not check if the proposal state is "Active" before casting a vote. In a well-designed voting system, it is typically required to check if a proposal is in the "Active" state before allowing votes to be cast. This check ensures that votes can only be cast during the active voting period and not before or after. However, in this code, the check is missing, which means votes can be cast even if the proposal is not in the "Active" state https://github.com/nounsDAO/nouns-monorepo/blob/718211e063d511eeda1084710f6a682955e80dcb/packages/nouns-contracts/contracts/governance/NounsDAOLogicV1.sol#L496-L502

Tools Used

Recommended Mitigation Steps

Add verifications by calling the state function and comparing the returned value with the ProposalState.Active enum value.

Assessed type

Governance

[0xSorryNotSorry]

Voting implements below ;

require(state(proposalId) == ProposalState.Active, 'NounsDAO::castVoteInternal: voting is closed');

Invalid assumption.

[c4-pre-sort]

0xSorryNotSorry marked the issue as low quality report

[c4-judge]

gzeon-c4 marked the issue as unsatisfactory: Invalid