code-423n4 / 2024-01-salty-findings


No Quorum Requirement #977

Closed c4-bot-9 closed 5 months ago

c4-bot-9 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-01-salty/blob/main/src/launch/BootstrapBallot.sol#L69

Vulnerability details

Impact

Detailed description of the impact of this finding. No Quorum Requirement: The contract does not require a minimum number of votes for the ballot to be valid. This could lead to decisions being made with very low voter turnout.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

    if ( startExchangeYes > startExchangeNo ) {
        exchangeConfig.initialDistribution().distributionApproved();
        exchangeConfig.dao().pools().startExchangeApproved();

        startExchangeApproved = true;
    }

    emit BallotFinalized(startExchangeApproved);

    ballotFinalized = true;

Tools Used

Recommended Mitigation Steps

There should be a minimum number of votes for the ballot to be valid.

Assessed type

Context
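One way to express the quorum check recommended in the report above, as an added example that is not part of the original submission or of the Salty codebase. The contract name, `minVotes`, `vote()`, `completionTimestamp` and the one-vote-per-address rule are assumptions made for illustration; voter eligibility checks are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only: a stripped-down ballot, not the project's BootstrapBallot.
contract QuorumBallotExample {
    uint256 public immutable completionTimestamp; // assumed voting deadline
    uint256 public immutable minVotes;            // hypothetical quorum threshold

    uint256 public startExchangeYes;
    uint256 public startExchangeNo;
    bool public ballotFinalized;
    bool public startExchangeApproved;
    mapping(address => bool) public hasVoted;

    event BallotFinalized(bool startExchangeApproved);

    constructor(uint256 duration, uint256 _minVotes) {
        require(_minVotes > 0, "quorum must be non-zero");
        completionTimestamp = block.timestamp + duration;
        minVotes = _minVotes;
    }

    // Simplified voting: one vote per address, eligibility checks omitted.
    function vote(bool voteStartExchangeYes) external {
        require(!ballotFinalized, "ballot already finalized");
        require(!hasVoted[msg.sender], "already voted");
        hasVoted[msg.sender] = true;
        if (voteStartExchangeYes) startExchangeYes++;
        else startExchangeNo++;
    }

    function finalizeBallot() external {
        require(!ballotFinalized, "ballot already finalized");
        require(block.timestamp >= completionTimestamp, "voting still open");

        // Quorum gate: below the threshold the call reverts and the ballot stays
        // open, so a handful of votes cannot settle the outcome in either direction.
        uint256 totalVotes = startExchangeYes + startExchangeNo;
        require(totalVotes >= minVotes, "quorum not reached");

        if (startExchangeYes > startExchangeNo) {
            // The snippet in the report calls distributionApproved() and
            // startExchangeApproved() on the exchange config at this point.
            startExchangeApproved = true;
        }

        ballotFinalized = true;
        emit BallotFinalized(startExchangeApproved);
    }
}
```

Reverting below quorum, instead of finalizing as "not approved", is a design choice of this example: it keeps the ballot open until turnout is sufficient.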

c4-judge commented 5 months ago

Picodes marked the issue as duplicate of #413

c4-judge commented 4 months ago

Picodes changed the severity to QA (Quality Assurance)

c4-judge commented 4 months ago

Picodes marked the issue as grade-c