code-423n4 / 2024-03-saltyio-mitigation-findings


M-11 MitigationConfirmed #5

Open c4-bot-5 opened 8 months ago

c4-bot-5 commented 8 months ago

Lines of code

https://github.com/othernet-global/salty-io/blob/main/src/dao/Proposals.sol#L110

Vulnerability details

Summary

The mitigation for M-11 is meant to ensure that a user does not get extra voting power (by reducing the quorum) simply by unstaking their SALT.

Mitigation

To fix this, the requiredQuorum value is now saved at the time of proposal creation on L110. Even if the user now unstakes their SALT after proposal creation, the value of the quorum required remains the same, avoiding any chance of manipulation.

Conclusion

The existing issue is fixed. However, a new attack vector emerges due to this fix. Refer to my report titled "Partial snapshot means staking after proposal creation gives unfair benefit" for further details.
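The difference between a live quorum and the snapshot described in the comment above, as an added Python model that is not part of the original report and is not the project's Solidity code. It assumes quorum is a fixed percentage of total staked tokens and that votes are recorded at vote time; `Dao`, `Proposal`, `QUORUM_BPS`, `run_scenario` and the stake amounts are hypothetical.

```python
from dataclasses import dataclass, field

QUORUM_BPS = 1000  # assumed for this model: quorum is 10% of total stake

@dataclass
class Proposal:
    required_quorum: int  # value saved at proposal creation
    votes: dict = field(default_factory=dict)

class Dao:
    """Hypothetical staking DAO reduced to what the quorum check needs."""
    def __init__(self, snapshot_quorum):
        self.snapshot_quorum = snapshot_quorum  # True models the mitigation
        self.staked = {}
        self.proposals = []

    def quorum_now(self):
        return sum(self.staked.values()) * QUORUM_BPS // 10_000

    def stake(self, user, amount):
        self.staked[user] = self.staked.get(user, 0) + amount

    def unstake(self, user, amount):
        if amount > self.staked.get(user, 0):
            raise ValueError("insufficient stake")
        self.staked[user] -= amount

    def propose(self):
        self.proposals.append(Proposal(required_quorum=self.quorum_now()))
        return len(self.proposals) - 1

    def vote(self, pid, user):
        self.proposals[pid].votes[user] = self.staked.get(user, 0)

    def quorum_reached(self, pid):
        p = self.proposals[pid]
        # Pre-fix behaviour recomputes quorum from the current total stake.
        required = p.required_quorum if self.snapshot_quorum else self.quorum_now()
        return sum(p.votes.values()) >= required

def run_scenario(snapshot_quorum):
    dao = Dao(snapshot_quorum)
    dao.stake("alice", 50)   # constructed sample stakes
    dao.stake("bob", 950)
    pid = dao.propose()      # quorum at creation: 10% of 1000 = 100
    dao.vote(pid, "alice")   # 50 votes, below 100
    before = dao.quorum_reached(pid)
    dao.unstake("bob", 600)  # total stake 400, live quorum would be 40
    after = dao.quorum_reached(pid)
    return before, after
```

With the live quorum the check flips from failing to passing after the unstake; with the saved value it stays failing.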

c4-judge commented 8 months ago

Picodes marked the issue as satisfactory