c4-bot-5 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/dao/Proposals.sol#L103

Vulnerability details

Impact

The creation of proposals can be front-run with another proposal bearing the same name, causing the previous transaction to fail.

Proof of Concept

// Make sure that a proposal of the same name is not already open for the ballot
require( openBallotsByName[ballotName] == 0, "Cannot create a proposal similar to a ballot that is still open" );
require( openBallotsByName[ string.concat(ballotName, "_confirm")] == 0, "Cannot create a proposal for a ballot with a secondary confirmation" );

Tools Used

Manual review.

Recommended Mitigation Steps

Each proposal should have a nonce attached to the name to differentiate them even with the same name.

Assessed type

DoS

c4-judge commented 8 months ago

Picodes marked the issue as duplicate of #621

c4-judge commented 7 months ago

Picodes marked the issue as partial-50

Picodes commented 7 months ago

No real impact or meaningful example is provided

code-423n4 / 2024-01-salty-findings

DOS creation of proposal #1000