code-423n4 / 2024-03-saltyio-mitigation-findings


M-13 MitigationConfirmed #78

Open c4-bot-10 opened 4 months ago

c4-bot-10 commented 4 months ago

Lines of code

Vulnerability details

Comments

In the original implementation, a malicious user can create a proposal ending in _confirm to block SET_CONTRACT and SET_WEBSITE_URL proposals from being confirmed.

Mitigation

commit 5aa1bc1

The mitigation named the confirmation proposal starting with confirm_ instead of ending with _confirm:

https://github.com/othernet-global/salty-io/blob/5aa1bc1ddadd67cd875de932633948af25ff8957/src/dao/DAO.sol#L185

https://github.com/othernet-global/salty-io/blob/5aa1bc1ddadd67cd875de932633948af25ff8957/src/dao/DAO.sol#L189

The original issue was resolved.

Conclusion

Confirmed
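The naming change reviewed above can be checked with a small model. This is an added example, not part of the original comment and not Salty.IO code. It assumes that user-created ballot names are a fixed type prefix followed by user-supplied text and that ballot names must be unique; the class, function and contract names are hypothetical.

```python
# Added model of the ballot-name collision; not Salty.IO code.
# Assumptions: user-created ballot names are "<type>:<user text>", and a ballot
# name can only be used once. All names here are hypothetical.

class BallotBook:
    def __init__(self, confirm_name):
        self.open = set()
        self.confirm_name = confirm_name  # how a confirmation ballot is named

    def _create(self, name):
        if name in self.open:
            raise ValueError(f"ballot name already in use: {name}")
        self.open.add(name)
        return name

    def propose_set_contract(self, user_text):
        # User-facing entry point: the caller controls only the text after the prefix.
        return self._create("setContract:" + user_text)

    def create_confirmation(self, approved_name):
        # DAO-internal step that follows approval of the first ballot.
        return self._create(self.confirm_name(approved_name))


def suffix_scheme(name):
    # Original naming: confirmation ballot ends in _confirm.
    return name + "_confirm"


def prefix_scheme(name):
    # Mitigated naming: confirmation ballot starts with confirm_.
    return "confirm_" + name


def confirmation_blocked(scheme, squatter_text="priceFeed1_confirm"):
    """Return True if a user proposal can occupy the confirmation ballot's name."""
    book = BallotBook(scheme)
    target = book.propose_set_contract("priceFeed1")  # legitimate proposal (constructed)
    book.propose_set_contract(squatter_text)          # constructed squatting input
    try:
        book.create_confirmation(target)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("suffix scheme blocked:", confirmation_blocked(suffix_scheme))
    print("prefix scheme blocked:", confirmation_blocked(prefix_scheme))
```

Under these assumptions the prefix form is safe because every user-created name begins with the type prefix, so no user input can produce a name that begins with confirm_.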

c4-judge commented 4 months ago

Picodes marked the issue as satisfactory

c4-judge commented 4 months ago

Picodes marked the issue as confirmed for report