search

sherlock-audit / 2024-03-nouns-dao-2-judging

1 stars 0 forks source link

miaowu - The `newvotingdelay` of `NounsDAOAdmin::_setVotingDelay` cannot meet the needs mentioned in the comments #10

Closed sherlock-admin2 closed 4 months ago

sherlock-admin2 commented 4 months ago

miaowu

medium

The newvotingdelay of NounsDAOAdmin::_setVotingDelay cannot meet the needs mentioned in the comments

Summary

The newvotingdelay of NounsDAOAdmin::_setVotingDelay cannot meet the needs mentioned in the comments

Vulnerability Detail

In the comment, "Best to set voting delay to at least a few days, to give voters time to make sense of proposals, e.g. 21,600 blocks which should be at least 3 days." But MAX_VOTING_DELAY_BLOCKS + MAX_VOTING_PERIOD_BLOCK = 2.56 days = 56 hours = 201600 seconds, which cannot meet the requirement of "at least a few days"

Impact

The voters don‘t have enough time to make sense of proposals

Code Snippet

https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/governance/NounsDAOAdmin.sol#L152-L180

/**
     * @notice Admin function for setting the voting delay. Best to set voting delay to at least a few days, to give
     * voters time to make sense of proposals, e.g. 21,600 blocks which should be at least 3 days.
     * @param newVotingDelay new voting delay, in blocks
     */
    function _setVotingDelay(uint256 newVotingDelay) external onlyAdmin {
        require(
            newVotingDelay >= MIN_VOTING_DELAY_BLOCKS && newVotingDelay <= MAX_VOTING_DELAY_BLOCKS,
            'NounsDAO::_setVotingDelay: invalid voting delay'
        );
        uint256 oldVotingDelay = ds().votingDelay;
        ds().votingDelay = newVotingDelay;

        emit VotingDelaySet(oldVotingDelay, newVotingDelay);
    }

    /**
     * @notice Admin function for setting the voting period
     * @param newVotingPeriod new voting period, in blocks
     */
    function _setVotingPeriod(uint256 newVotingPeriod) external onlyAdmin {
        require(
            newVotingPeriod >= MIN_VOTING_PERIOD_BLOCKS && newVotingPeriod <= MAX_VOTING_PERIOD_BLOCKS,
            'NounsDAO::_setVotingPeriod: invalid voting period'
        );
        uint256 oldVotingPeriod = ds().votingPeriod;
        ds().votingPeriod = newVotingPeriod;

        emit VotingPeriodSet(oldVotingPeriod, newVotingPeriod);
    }

Tool used

Manual Review

Recommendation

If the comment is wrong, 201600 was incorrectly written as 21600, just modify the comment. If it is not a comment error, it is recommended to increase the values of MAX_VOTING_DELAY_BLOCKS and MAX_VOTING_PERIOD_BLOCK to meet the needs

sherlock-admin3 commented 4 months ago

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

those max values are in blocks; thus each of them is not 100800 seconds; but 100800 blocks