Lines of code
Vulnerability details
C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/362
Comments
The issue describes how stakers within the governance system are limited to sponsoring one proposal at a time, and each proposal must reach a quorum of votes within a set duration to be finalized. The problem arises when a proposal fails to secure the needed quorum: it stays active indefinitely and prevents the sponsor from submitting new proposals. The absence of a mechanism for sponsors to withdraw or cancel their proposals exacerbates this, hindering active participation in governance because sponsors are locked into unresolved proposals.
Mitigation
https://github.com/othernet-global/salty-io/commit/758349850a994c305a0ab9a151d00e738a5a45a0
The mitigation was to set a default 30-day period (ballotMaximumDuration) after which ballots can be removed manually by any user. This period is also modifiable by the owner, with a maximum of 90 days and a minimum of 15 days.
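A minimal sketch of the lock and the expiry-based exit described above. This is an added example, not code from the Salty.IO repository or the linked commit. Every contract and function name other than ballotMaximumDuration is hypothetical, QUORUM is a constructed value, and voting is simplified to one address, one vote.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration; names other than ballotMaximumDuration are hypothetical.
contract BallotExpirySketch {
    struct Ballot { address sponsor; uint256 createdAt; uint256 votes; bool live; }
    uint256 public constant QUORUM = 3;             // constructed value
    address public immutable owner = msg.sender;
    uint256 public ballotMaximumDuration = 30 days; // default from the mitigation
    uint256 public nextBallotId = 1;
    mapping(uint256 => Ballot) public ballots;
    mapping(address => bool) public hasActiveProposal; // one ballot per sponsor
    mapping(uint256 => mapping(address => bool)) public voted;

    function propose() external returns (uint256 id) {
        require(!hasActiveProposal[msg.sender], "sponsor already has a ballot");
        id = nextBallotId++;
        ballots[id] = Ballot(msg.sender, block.timestamp, 0, true);
        hasActiveProposal[msg.sender] = true;
    }

    function vote(uint256 id) external {
        require(ballots[id].live && !voted[id][msg.sender], "cannot vote");
        voted[id][msg.sender] = true;
        ballots[id].votes++;
    }

    // Before the fix this was the only exit, so a ballot short of quorum kept the lock.
    function finalize(uint256 id) external {
        require(ballots[id].live && ballots[id].votes >= QUORUM, "quorum not reached");
        _close(id);
    }

    // The fix: once a ballot has outlived the maximum duration, anyone may remove it.
    function manuallyRemoveBallot(uint256 id) external {
        Ballot storage b = ballots[id];
        require(b.live, "no such ballot");
        require(block.timestamp >= b.createdAt + ballotMaximumDuration, "not expired");
        _close(id);
    }

    // Owner may tune the window, but only inside the 15 to 90 day bounds.
    function setBallotMaximumDuration(uint256 newDuration) external {
        require(msg.sender == owner, "only owner");
        require(newDuration >= 15 days && newDuration <= 90 days, "outside 15-90 days");
        ballotMaximumDuration = newDuration;
    }
    function _close(uint256 id) private {
        hasActiveProposal[ballots[id].sponsor] = false; // releases the sponsor
        delete ballots[id];
    }
}
```

When reviewing a fix of this shape, check that both exits clear the sponsor's lock and that the expiry is measured from ballot creation, so that a later change to the duration cannot strand an existing ballot.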
Tests
Tests were added and all are passing.
Conclusion
LGTM