c4-judge
commented
4 months ago Picodes marked the issue as confirmed for report
Open c4-bot-8 opened 4 months ago
c4-judge
commented
4 months ago Picodes marked the issue as confirmed for report
c4-judge
commented
4 months ago Picodes marked the issue as satisfactory
Lines of code
Vulnerability details
C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/844
Comments
The vulnerability highlighted in this issue lies in the ability to reuse SALT tokens for voting on proposals within the Salty protocol, potentially allowing a malicious proposal to pass and compromise the protocol's integrity. This is possible because, although a user cannot vote multiple times on the same proposal with the same account, they can circumvent this by unstaking their SALT, wait for unstaking period to end, transferring it to another account, and then voting again. This exploit was facilitated by the protocol's voting system, which allows proposals to remain open indefinitely if quorum is not met.
Mitigation
https://github.com/othernet-global/salty-io/commit/758349850a994c305a0ab9a151d00e738a5a45a0
The issue was fixed by adding the ability to set a ballot's maximum duration, and also adding the ability to manually close a ballot. If the ballot maximum duration is reached, then the ballot can be manually closed and marked as finalised, and hence voting can no longer commence.
Additional commentary
While I do believe this mitigates the issue fairly, it is still possible to vote more than once so long as the unstake period(can be as low as 2 weeks) is shorter than the maximum duration of ballot(which can be as high as 90 days). This is however mitigated by the penalties incurred for early unstaking.
Tests
tests were added to check for this and are passing.
Conclusion
LGTM