code-423n4 / 2024-09-reserve-mitigation-findings


ADD-02 MitigationConfirmed #19

Open c4-bot-2 opened 2 months ago

c4-bot-2 commented 2 months ago

Lines of code

Vulnerability details

The change addresses the findings "Malicious proposals can be executed in the Governance" and "StRSR era changes can be leveraged for governance attacks".

The fix applied, that is checking at proposal execution time that the proposal was not only voted but also created in the same era as the one it's being executed in, is consistent with the mitigation recommended in both findings.

While the fix introduces a small risk that legitimate proposals are also rejected, it adds an extra layer of security by forcing a minimum timeframe for StRSR to build a fair distribution of voting power after an era change before voting power is sampled for proposal voting.
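
A simplified model of the execution-time check described in this review, added here as an illustration; it is not part of the comment above and not taken from the Reserve code base. The names (`Governor`, `start_voting`, `check_creation_era`, `run`) are hypothetical, and a single `era` counter stands in for the StRSR era.

```python
from dataclasses import dataclass
from typing import Optional

class EraMismatch(Exception):
    """Raised when a proposal's recorded era differs from the current one."""

@dataclass
class Proposal:
    created_era: int                    # era when propose() was called
    snapshot_era: Optional[int] = None  # era when voting power was sampled
    executed: bool = False

class Governor:
    """Toy governor (hypothetical); `era` models the staking contract's era."""
    def __init__(self, check_creation_era: bool):
        self.era = 1
        self.check_creation_era = check_creation_era  # True models the fix
        self.proposals = []

    def era_change(self) -> None:
        self.era += 1  # a new era begins; earlier stake balances are gone

    def propose(self) -> int:
        self.proposals.append(Proposal(created_era=self.era))
        return len(self.proposals) - 1

    def start_voting(self, pid: int) -> None:
        self.proposals[pid].snapshot_era = self.era

    def execute(self, pid: int) -> bool:
        p = self.proposals[pid]
        # Check present with or without the fix: voted in the current era.
        if p.snapshot_era != self.era:
            raise EraMismatch("voted in a different era")
        # Check added by the fix: also created in the current era.
        if self.check_creation_era and p.created_era != self.era:
            raise EraMismatch("created in a different era")
        p.executed = True
        return True

def run(check_creation_era: bool, era_change_after_propose: bool) -> str:
    """Propose, optionally change era, sample votes, then try to execute."""
    gov = Governor(check_creation_era)
    pid = gov.propose()
    if era_change_after_propose:
        gov.era_change()
    gov.start_voting(pid)
    try:
        gov.execute(pid)
        return "executed"
    except EraMismatch as exc:
        return f"rejected: {exc}"
```

With the creation-era check enabled, any proposal created before an era change is rejected at execution, which also covers the legitimate proposals the review mentions as a small risk.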

c4-judge commented 2 months ago

thereksfour marked the issue as satisfactory

c4-judge commented 2 months ago

thereksfour marked the issue as confirmed for report