clesaege
commented
1 month ago Here, this governor address is gonna be move to the PoH DAO using Kleros Safesnap which does require a challenge period before a proposal is executed. Per Kleros Coop development rules: Do not over-engineer. Over-engineering lowers security, increases gas costs, and decreases convincibility. Kiss ♥. Don't protect the user from himself. Client execution is almost free, but smart contract execution isn't, so limit smart contracts to blocking malicious behavior and let clients prevent the stupid ones.
As per contest rules, the following are excluded:
- Comments about the governor/owner being malicious (they are considered trusted and will be moved to the DAO).
- Issues about the ability for a governor/owner to set parameters in a way breaking the contract (they are trusted to be both non-malicious and non-stupid).
Github username: @erictee2802 Twitter username: 0xEricTee Submission hash (on-chain): 0x855209c8d10b51c3adcee9f44e399059310668d2008f91592e4655cf5feafd1a Severity: low
Description: Description
Implementing a two-step procedure for updating protocol addresses adds an extra layer of security. In such a system, the first step initiates the change, and the second step, after a predefined delay, confirms and finalizes it. This delay allows stakeholders or monitoring tools to observe and react to unintended or malicious changes. If an unauthorized change is detected, corrective actions can be taken before the change is finalized. To achieve this, introduce a "proposed address" state variable and a "delay period". Upon an update request, set the "proposed address". After the delay, if not contested, the main protocol address can be updated.
Attack Scenario
If wrong address is set,
governorcannot be recovered and functions withonlyGovernormodifier is no longer callable.Attachments
NA
Manual Analysis
Implement two-step procedure while changing
governoraddress.