otherCohort() is not returning different value when the Election has ended.

[code423n4]

Lines of code

https://github.com/ArbitrumFoundation/governance/blob/c18de53820c505fc459f766c1b224810eaeaabc5/src/security-council-mgmt/governors/SecurityCouncilNomineeElectionGovernor.sol#L394-L398

Vulnerability details

Impact

In SecurityCouncilNomineeElectionGovernor.sol when the otherCohort() function is called, it should return the otherCohort. But it is not the case because it returns the cohort at electionIndexToCohort at electionCount - 2 which is only updated when another election is created, ie; after 6 months but the cohort is changed after the current Election ends. The issue is with the value electionCount persisting over 6 months while the cohort is updated as soon as the Election is done.

The return values of otherCohort() may return wrong answer depending when its called. And it can break the logic of many other function in which the values of otherCohort is used.

Proof of Concept

Let the return value of otherCohort() while an Election is running is [A,B,C,D...]. After the election ends the cohort is updated, but since the value of electionCount persists until the next election is created, the otherCohort() will return the same value [A,B,C,D...] until the next election even though the current Cohort is updated with new members. This will break the functions that are using the return value of otherCohort for their logic.

Tools Used

Manual review

Recommended Mitigation Steps

Adjust the return values of otherCohort() accordingly by checking if an Election is active or not.

Assessed type

Error

[0xSorryNotSorry]

This is intended as per the NATPSEC;

@notice Returns cohort not currently up for election

[c4-pre-sort]

0xSorryNotSorry marked the issue as low quality report

[c4-judge]

0xean marked the issue as unsatisfactory: Invalid