Closed: c4-bot-7 closed this issue 8 months ago
Picodes marked the issue as duplicate of #46
Picodes marked the issue as not a duplicate
Picodes marked the issue as duplicate of #984
Picodes marked the issue as satisfactory
Picodes changed the severity to 2 (Med Risk)
Picodes marked the issue as duplicate of #746
Lines of code
https://github.com/code-423n4/2024-01-salty/blob/main/src/dao/Proposals.sol#L259-L293
https://github.com/code-423n4/2024-01-salty/blob/main/src/dao/DAO.sol#L278-L291
https://github.com/code-423n4/2024-01-salty/blob/main/src/dao/Proposals.sol#L385-L400
https://github.com/code-423n4/2024-01-salty/blob/main/src/dao/DAO.sol#L219-L228
https://github.com/code-423n4/2024-01-salty/blob/main/src/dao/Proposals.sol#L130-L152
Vulnerability details
Impact
The function Proposals::castVote is used to vote on a proposal made to the DAO. It uses the amount the user has staked in the SALT pool to calculate that user's voting power. However, the vote is not recalculated in any of the functions used during the finalization of a proposal. These are the functions:
DAO::finalizeBallot()
DAO::_finalizeApprovalBallot()
Proposal::canFinalizeBallot()
Proposal::markBallotAsFinalized()
As a result, a user can win a proposal vote with an unfair amount of voting power, as shown in the Proof of Concept.
Proof of Concept
Here is the scenario showing that a user with 33.34% of the voting power can win any Yes or No proposal.
Save the test in a file called POC.t.sol and run it with:
NETWORK="sep" forge test -vv --mt testVotingPOC --rpc-url "YOUR_RPC_URL"
Tools Used
Recommended Mitigation Steps
Revalidate each voter's voting power when finalizing a proposal; this gives a fair result for all users.
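As an added illustration of this mitigation (not Salty's code and not the warden's PoC), a simplified Yes/No ballot that stores only each voter's choice at cast time and re-reads every voter's current stake at finalization; IStakeSource and stakedBalance are hypothetical stand-ins for the staking contract the DAO reads from:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stake oracle (assumption: stands in for the real staking contract).
interface IStakeSource {
    function stakedBalance(address who) external view returns (uint256);
}

// Simplified ballot: the weight is never stored at cast time, so stake that
// moves after a vote is cast cannot be counted at a stale value.
contract RevalidatedBallot {
    enum Vote { None, Yes, No }

    IStakeSource public immutable stake;
    mapping(address => Vote) public choice;
    address[] public voters;
    bool public finalized;

    constructor(IStakeSource _stake) { stake = _stake; }

    function castVote(Vote v) external {
        require(!finalized, "finalized");
        require(v != Vote.None, "invalid vote");
        require(stake.stakedBalance(msg.sender) > 0, "no stake");
        if (choice[msg.sender] == Vote.None) voters.push(msg.sender);
        choice[msg.sender] = v; // only the choice is stored, never the weight
    }

    // Tally computed from current stake, so it is correct at finalization time.
    function currentTally() public view returns (uint256 yes, uint256 no) {
        for (uint256 i = 0; i < voters.length; i++) {
            uint256 w = stake.stakedBalance(voters[i]);
            if (choice[voters[i]] == Vote.Yes) yes += w; else no += w;
        }
    }

    // Quorum and majority are both checked against revalidated weights.
    function finalize(uint256 requiredQuorum) external returns (bool approved) {
        require(!finalized, "finalized");
        (uint256 yes, uint256 no) = currentTally();
        require(yes + no >= requiredQuorum, "quorum not reached");
        finalized = true;
        approved = yes > no;
    }
}
```

The voter loop is unbounded in gas; a production version would read checkpointed balances taken at proposal creation (ERC20Votes-style) to get the same guarantee without iterating.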
Assessed type
Other