A Price Feed address can vote against and in favor of the same proposal at the same time

[howlbot-integration[bot]]

Lines of code

https://github.com/code-423n4/2024-05-munchables/blob/main/src/managers/LockManager.sol#L194

Vulnerability details

In the contract's approveUSDPrice function, in order to prevent repeated voting, the caller needs to be checked accordingly. However, the approveUSDPrice function only checks that the caller has not voted for it, but not whether it has voted against it. This leads to the possibility that the user first votes against the proposal and then votes in favor, then he will be able to vote twice for the same proposal

Assessed type

Invalid Validation

[c4-judge]

alex-ppg marked the issue as satisfactory