search

code-423n4 / 2024-05-munchables-findings

3 stars 1 forks source link

Stalemate Could Happen and No New Proposal Is Able to Be Made #466

Closed howlbot-integration[bot] closed 3 months ago

howlbot-integration[bot] commented 3 months ago

Lines of code

https://github.com/code-423n4/2024-05-munchables/blob/main/src/managers/LockManager.sol#L142-L242

Vulnerability details

Vulnerability details

A stalemate can occur if 2 users approve and 2 users disapprove a proposal, making the contract ineffective as no new proposals can be made or resolved.

Impact

Users with the pricefeed_n role can create a proposal. If 2 users approve and 2 users disapprove, the proposal remains unresolved because 2 votes are less than both the APPROVE_THRESHOLD and DISAPPROVE_THRESHOLD. Since the same address cannot both approve and disapprove, the proposal cannot be dropped, leading to a deadlock. This makes the contract ineffective.

Tool used

Manual

Recommended Mitigation Steps

Possible Solutions

  1. Decrease the Threshold Number:
    • Lower the APPROVE_THRESHOLD and DISAPPROVE_THRESHOLD to reduce the likelihood of a stalemate.
  2. Increase the Number of Addresses:
    • Add another address to the voting pool, increasing the total number of voters to 6. This reduces the chance of a tie, as an even number of voters can prevent a stalemate situation.

Assessed type

Other

c4-judge commented 3 months ago

alex-ppg marked the issue as not a duplicate

alex-ppg commented 3 months ago

The Warden claims that a stalemate may occur similarly to #92 and thus is considered to be an invalid submission for the same reasons.

c4-judge commented 3 months ago

alex-ppg marked the issue as unsatisfactory: Invalid