search

llamaxyz / llama

Llama is an onchain governance and access control framework for smart contracts.
https://llama.xyz
MIT License
47 stars 5 forks source link

fix: Insufficient quantity checks in `validateActionCreation` of `LlamaAbsolutePeerReview` use the wrong quantity checkpoint #446

Closed 0xrajath closed 1 year ago

0xrajath commented 1 year ago

https://github.com/spearbit-audits/review-llama2/pull/7#discussion_r1272551595 https://github.com/spearbit-audits/review-llama2/pull/7#discussion_r1272591218

We need to use :

  1. llamaPolicy.getPastQuantity(actionInfo.creator, approvalRole, block.timestamp - 1);
  2. llamaPolicy.getPastQuantity(actionInfo.creator, disapprovalRole, block.timestamp - 1);
0xrajath commented 1 year ago

Related to https://github.com/spearbit-audits/review-llama2/issues/11