The issue describes how an attacker can exploit a vulnerability in the proposal creation system by submitting proposals with duplicate names, effectively preventing legitimate proposals from being created across various functions (e.g., sending SALT, setting contract addresses, calling contracts, token whitelisting). This is possible because the system currently prevents the creation of proposals with names identical to those of existing open ballots, without considering the full details of the proposal in the uniqueness check. As a result, malicious actors can block specific actions or updates by continuously creating proposals with the same names but with erroneous details.
The mitigation effectively dealt with this issue by making sure all proposal attributes are included in the ballot name to ensure each proposal is distinct and legitimate.
Lines of code
Vulnerability details
C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/621
Comments
The issue describes how an attacker can exploit a vulnerability in the proposal creation system by submitting proposals with duplicate names, effectively preventing legitimate proposals from being created across various functions (e.g., sending SALT, setting contract addresses, calling contracts, token whitelisting). This is possible because the system currently prevents the creation of proposals with names identical to those of existing open ballots, without considering the full details of the proposal in the uniqueness check. As a result, malicious actors can block specific actions or updates by continuously creating proposals with the same names but with erroneous details.
Mitigation
https://github.com/othernet-global/salty-io/commit/39921b4a25041c7ac4e9b5279e12bb2ec518140b
The mitigation effectively dealt with this issue by making sure all proposal attributes are included in the ballot name to ensure each proposal is distinct and legitimate.
Tests
Tests were added/updated and are passing
Conclusion
LGTM