Comments about the governor/owner being malicious (they are considered trusted and will be moved to the DAO).
Issues about the ability for a governor/owner to set parameters in a way breaking the contract (they are trusted to be both non-malicious and non-stupid).
Github username: @Audinarey
Twitter username: audinarey
Submission hash (on-chain): 0x6adc26573027c63581eae9badfcce93f88fd0aa4e8e6f533a46fa959331fd9c8
Severity: low
Description:

Per the NATSPEC comments in the `changeDurations(...)` function, there is a missing check to ensure that the `challengePeriodDuration` variable is lesser/lower than the time for a dispute.

Attack Scenario

As shown below, the check/validation described above is missing.
This check is also missing from the `initialise(...)` function.

Implement a check to ensure the new `_challengePeriodDuration` value is lesser/lower than the time for a dispute.