code-423n4 / 2023-10-opendollar-findings


The GovernorSettings are set to incorrect values #416

Closed c4-submissions closed 10 months ago

c4-submissions commented 10 months ago

Lines of code

https://github.com/open-dollar/od-contracts/blob/f4f0246bb26277249c1d5afe6201d4d9096e52e6/src/contracts/gov/ODGovernor.sol#L41

Vulnerability details

When ODGovernor is deployed, the GovernorSettings is initialized with the initialVotingDelay, initialVotingPeriod and initialProposalThreshold. The problem is that the initialVotingDelay and initialVotingPeriod are set to incorrect values which are really small, and the proposal won't have time to receive votes.

Impact

The votingPeriod and the snapshot will be too short and there will be no time to vote.

Proof of Concept

https://github.com/open-dollar/od-contracts/blob/f4f0246bb26277249c1d5afe6201d4d9096e52e6/src/contracts/gov/ODGovernor.sol#L41

41:  GovernorSettings(1, 15, 0)

As you can see, it is set to 1 and 15, which means that the initialVotingDelay will be 1 block and the initialVotingPeriod will be 15 blocks, so there will be no time to vote.

Tools Used

Manual Review

Recommended Mitigation Steps

Use the correct values

Assessed type

Governance

c4-pre-sort commented 10 months ago

raymondfam marked the issue as low quality report

c4-pre-sort commented 10 months ago

raymondfam marked the issue as duplicate of #73

c4-judge commented 10 months ago

MiloTruck marked the issue as satisfactory