Closed sherlock-admin3 closed 5 months ago
kgothatso
high
the function can run forever and revert any vote from being registered.
this function has a recursive call to it has and has no condition to stop it
function _castVote( address voter_, uint256 proposalId_, uint8 support_, string memory reason_ ) internal returns (uint256 weight_) { ProposalState state_ = state(proposalId_); if (state_ != ProposalState.Active) revert ProposalInactive(state_); unchecked { // NOTE: Can be done unchecked since `voteStart` is always greater than 0. weight_ = getVotes(voter_, _proposals[proposalId_].voteStart - 1); } @> _castVote(voter_, weight_, proposalId_, support_, reason_); }
1.can revert when it calls its selfs again, can fish the gas because of an infinite loop and can cast many votes
https://github.com/sherlock-audit/2023-10-mzero/blob/main/ttg/src/abstract/BatchGovernor.sol#L457
Manual Review
remove this line of code
function _castVote( address voter_, uint256 proposalId_, uint8 support_, string memory reason_ ) internal returns (uint256 weight_) { ProposalState state_ = state(proposalId_); if (state_ != ProposalState.Active) revert ProposalInactive(state_); unchecked { // NOTE: Can be done unchecked since `voteStart` is always greater than 0. weight_ = getVotes(voter_, _proposals[proposalId_].voteStart - 1); } - _castVote(voter_, weight_, proposalId_, support_, reason_); }
Invalid, no PoC required for gas griefing issues required by sherlock
Also invalid because the _castVote functions are not the same, so it is not recursive.
_castVote
kgothatso
high
infinite function can finish gas and cause DOS
Summary
the function can run forever and revert any vote from being registered.
Vulnerability Detail
this function has a recursive call to it has and has no condition to stop it
Impact
1.can revert when it calls its selfs again, can fish the gas because of an infinite loop and can cast many votes
Code Snippet
https://github.com/sherlock-audit/2023-10-mzero/blob/main/ttg/src/abstract/BatchGovernor.sol#L457
Tool used
Manual Review
Recommendation
remove this line of code