Closed c4-bot-5 closed 7 months ago
Picodes marked the issue as primary issue
othernet-global (sponsor) confirmed
parameterType now validated https://github.com/othernet-global/salty-io/commit/524b59900013d90d17db2b34263c4973a866ab38
Downgrading this to Low as either it would be a user mistake so this is a safety check and falls within QA, or the user would just harm himself.
Picodes changed the severity to QA (Quality Assurance)
Picodes marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-01-salty/blob/main/src/dao/Proposals.sol#L155
Vulnerability details
Impact
It is possible to create a proposal with an invalid parameter type. The parameter type can range from 0 to 24, but when a parameter proposal ballot is created, the parameterType is never validated. Anyone can create an invalid proposal.
If the voters decide to vote and finalize the invalid proposal during the calling of the finalizeBallot function, the whole transaction will revert. This is because in the _finalizeParameterBallot function, during the casting to ParameterType, it will return an error.
Proof of Concept
Paste the test in the Proposals.t.sol file.
Tools Used
Manual Review
Recommended Mitigation Steps
Validate the parameterType before creating the proposal.
Assessed type
DoS
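The mitigation recommended in the report, as an added sketch that is not taken from the report or from the project's contracts: a ballot that stores an unvalidated integer and later casts it to an enum, next to a version that rejects the value at creation. The contract, the three-member enum and all function names are hypothetical stand-ins; the page only states that the real type ranges from 0 to 24.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.8;

// Added illustration with hypothetical names; not the project's Proposals.sol.
contract BallotSketch {
    // Stand-in enum with three members (valid values 0..2).
    // The page states the real parameter type ranges from 0 to 24.
    enum ParamKind { FeeRate, Cooldown, MaxSupply }

    struct Ballot { uint256 parameterType; bool live; }

    mapping(uint256 => Ballot) public ballots;
    uint256 public nextBallotID;

    // Before: any uint256 is stored, so an out-of-range value becomes a live ballot.
    function proposeUnchecked(uint256 parameterType) external returns (uint256 id) {
        id = nextBallotID++;
        ballots[id] = Ballot(parameterType, true);
    }

    // After: reject values that cannot be cast to the enum when the ballot is created.
    function proposeChecked(uint256 parameterType) external returns (uint256 id) {
        require(parameterType <= uint256(type(ParamKind).max), "invalid parameterType");
        id = nextBallotID++;
        ballots[id] = Ballot(parameterType, true);
    }

    // Finalization casts the stored integer to the enum. Since Solidity 0.8 an
    // out-of-range conversion reverts with Panic(0x21), so a ballot created by
    // proposeUnchecked(3) reverts here on every call and can never be finalized.
    function finalize(uint256 id) external returns (ParamKind kind) {
        Ballot storage b = ballots[id];
        require(b.live, "not live");
        kind = ParamKind(b.parameterType);
        b.live = false;
    }
}
```

Deriving the bound from `type(ParamKind).max` keeps the check correct if members are later added to the enum, where a hard-coded limit would need a manual update.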