Vulnerability details

The USD price update proposal logic in LockManager does not account for proposal expiration, so a stale proposal carrying outdated price information can still be approved. This can result in inaccurate price updates and negatively impact the system's integrity.

The contract records the date a proposal is made (proposedDate) but implements no mechanism to expire proposals. As a result, a proposal remains active indefinitely, and a proposal whose price is long out of date might still be approved at any later point.

Proof of Concept

Consider the approval and disapproval functions in LockManager.sol, lines 142-174 (linked under "Lines of code" below). Nothing in that code rejects a proposal based on its proposedDate, so the approval path accepts a proposal regardless of how old it is.

Impact

Proposals with outdated information can be approved, leading to inaccurate price updates.

Recommended Mitigation Steps

Implement a proposal expiration mechanism to ensure that only timely and relevant proposals are considered. For example, proposals can be set to expire after a certain period, such as 7 days.

Add a proposal expiration check to the approval and disapproval functions; the change to approveUSDPrice is shown below, and the same check belongs in the disapproval function:
```solidity
// Example expiration window; tune it to how quickly the price is expected to move.
uint32 constant PROPOSAL_EXPIRATION_TIME = 7 days;

// New custom error, declared alongside the contract's existing errors.
error ProposalExpiredError();

function approveUSDPrice(uint256 _price)
    external
    onlyOneOfRoles(
        [
            Role.PriceFeed_1,
            Role.PriceFeed_2,
            Role.PriceFeed_3,
            Role.PriceFeed_4,
            Role.PriceFeed_5
        ]
    )
{
    if (usdUpdateProposal.proposer == address(0)) revert NoProposalError();
    if (usdUpdateProposal.proposer == msg.sender) revert ProposerCannotApproveError();
    if (usdUpdateProposal.proposedPrice != _price) revert ProposalPriceNotMatchedError();

    // Added check: reject a proposal older than the expiration window.
    // A revert rolls back every state change made in this call, so deleting the
    // proposal before reverting would have no effect; an expired proposal has to be
    // cleared by a separate path, e.g. by letting a new proposal replace it.
    if (block.timestamp > usdUpdateProposal.proposedDate + PROPOSAL_EXPIRATION_TIME) {
        revert ProposalExpiredError();
    }

    usdUpdateProposal.approvals[msg.sender] = _usdProposalId;
    usdUpdateProposal.approvalsCount++;

    if (usdUpdateProposal.approvalsCount >= APPROVE_THRESHOLD) {
        _execUSDPriceUpdate();
    }

    emit ApprovedUSDPrice(msg.sender, _price);
}
```
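The snippet above only shows the check inside the approval function. The following stand-alone contract, added here as an illustration and not part of the Munchables code base, models the full lifecycle the mitigation needs: a proposal records its proposedDate, approval and disapproval both refuse an expired proposal, and a new proposal is allowed to replace an expired one so the contract cannot get stuck on a proposal nobody can act on. Everything in it (the contract name, the feed allow-list in place of the Role-based modifier, the function and error names, and the thresholds) is an assumption made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal model of a multi-feed USD price proposal with an expiration window.
/// Illustrative only; names, thresholds and the feed allow-list are assumptions.
contract ExpiringPriceProposal {
    struct Proposal {
        address proposer;
        uint256 proposedPrice;
        uint32 proposedDate;
        uint8 approvalsCount;
        uint8 disapprovalsCount;
        mapping(address => uint256) approvals;    // feed => proposal id it approved
        mapping(address => uint256) disapprovals; // feed => proposal id it rejected
    }

    uint32 public constant PROPOSAL_EXPIRATION_TIME = 7 days;
    uint8 public constant APPROVE_THRESHOLD = 3;
    uint8 public constant DISAPPROVE_THRESHOLD = 3;

    mapping(address => bool) public isFeed;
    uint256 public usdPrice;
    uint256 public proposalId; // increments per proposal; invalidates old votes
    Proposal internal proposal;

    error NotFeed();
    error NoProposal();
    error ProposalInProgress();
    error ProposerCannotApprove();
    error AlreadyVoted();
    error PriceMismatch();
    error ProposalExpired();

    event Proposed(uint256 indexed id, address proposer, uint256 price);
    event Executed(uint256 indexed id, uint256 price);
    event Discarded(uint256 indexed id);

    modifier onlyFeed() {
        if (!isFeed[msg.sender]) revert NotFeed();
        _;
    }

    constructor(address[] memory feeds) {
        for (uint256 i = 0; i < feeds.length; i++) isFeed[feeds[i]] = true;
    }

    /// True when a proposal exists and its expiration window has passed.
    function isExpired() public view returns (bool) {
        return proposal.proposer != address(0)
            && block.timestamp > uint256(proposal.proposedDate) + PROPOSAL_EXPIRATION_TIME;
    }

    function propose(uint256 price) external onlyFeed {
        // A live proposal blocks new ones; an expired one is discarded and replaced,
        // which is what prevents a stale proposal from blocking the contract forever.
        if (proposal.proposer != address(0)) {
            if (!isExpired()) revert ProposalInProgress();
            emit Discarded(proposalId);
        }
        _clear();
        proposalId++;
        proposal.proposer = msg.sender;
        proposal.proposedPrice = price;
        proposal.proposedDate = uint32(block.timestamp);
        emit Proposed(proposalId, msg.sender, price);
    }

    function approve(uint256 price) external onlyFeed {
        _checkVotable(price);
        if (proposal.proposer == msg.sender) revert ProposerCannotApprove();
        if (proposal.approvals[msg.sender] == proposalId) revert AlreadyVoted();
        proposal.approvals[msg.sender] = proposalId;
        proposal.approvalsCount++;
        if (proposal.approvalsCount >= APPROVE_THRESHOLD) {
            usdPrice = proposal.proposedPrice;
            emit Executed(proposalId, usdPrice);
            _clear();
        }
    }

    function disapprove(uint256 price) external onlyFeed {
        _checkVotable(price);
        if (proposal.disapprovals[msg.sender] == proposalId) revert AlreadyVoted();
        proposal.disapprovals[msg.sender] = proposalId;
        proposal.disapprovalsCount++;
        if (proposal.disapprovalsCount >= DISAPPROVE_THRESHOLD) {
            emit Discarded(proposalId);
            _clear();
        }
    }

    /// Shared guard for both vote paths: the expiry check sits here so neither
    /// approval nor disapproval can act on a stale proposal.
    function _checkVotable(uint256 price) internal view {
        if (proposal.proposer == address(0)) revert NoProposal();
        if (isExpired()) revert ProposalExpired();
        if (proposal.proposedPrice != price) revert PriceMismatch();
    }

    function _clear() internal {
        // `delete` resets the value members but skips the mappings; stale votes are
        // harmless because they are compared against the current proposalId.
        delete proposal;
    }
}
```

In a Foundry test the expiry path can be exercised by calling propose, then vm.warp(block.timestamp + 7 days + 1) before approve, and expecting the ProposalExpired revert; a subsequent propose from any feed should succeed and emit Discarded for the old id. The validator's ability to nudge block.timestamp by a few seconds is immaterial against a window measured in days.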
Lines of code
https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L142-L174
Assessed type
Context