Closed sherlock-admin4 closed 4 months ago
1 comment(s) were left on this issue during the judging contest.
karanctf commented:
it checks if it is active propossal or not in https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/8f6879efaf831eb7fc9d4a4ad2b62b5334220d87/nouns-monorepo/packages/nouns-contracts/contracts/governance/NounsDAOProposals.sol#L810C13-L810C30
The risk is that a proposer can reuse signatures to put up the same proposal more than once, as long as those signatures haven’t expired.
We did this by design, to avoid the extra gas of managing state on signatures, and we are comfortable putting some responsibility on signers to set a reasonable expiration date.
In short, this is by design and we think the likelihood is extremely low that severity should be lowered.
Yep, it's design decision, therefore, invalid.
ether_sky
medium
A proposer can use the same signature for multiple proposals.
Summary
There are several ways to create a proposal. One approach involves using signatures from several users. The proposer should then pass the quorum threshold check. Votes from signers are also taken into account. This approach allows proposers to create proposals without delegating votes. However, a signature can be used multiple times before its expiration date. In other words, some signers agree on the proposal at a specific time and set a long enough expiration date. After executing the proposal, the proposer needs to make the same proposal again. At this point, he can reuse the previous signatures if they have not yet expired.
Vulnerability Detail
When creating a proposal using signatures, the votes from signers are also used to pass the threshold check. The signed data includes information about the proposer, proposal contents, and description. Consequently, a signature can be used for the same proposal multiple times before its expiration date. I believe this should not be permitted. Even for the same proposal, a new proposal requires collecting new signatures again.
Impact
Code Snippet
https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/8f6879efaf831eb7fc9d4a4ad2b62b5334220d87/nouns-monorepo/packages/nouns-contracts/contracts/governance/NounsDAOProposals.sol#L187-L195
https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/8f6879efaf831eb7fc9d4a4ad2b62b5334220d87/nouns-monorepo/packages/nouns-contracts/contracts/governance/NounsDAOProposals.sol#L849-L857
Tool used
Manual Review
Recommendation
Signatures should be cancelled once they have been used.
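An added illustration of the recommended mitigation, written for this page and not taken from NounsDAO's code (which, per the sponsor's reply, deliberately keeps no per-signature state): a hypothetical, simplified contract in which a signer's approval of a proposal digest is consumed on first use. The struct layout, the `contentHash` field standing in for contents plus description, and the `consumed` mapping are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified contract (not NounsDAO code) showing the recommended
// fix: a signer's approval of a given proposal digest is consumed the first time
// it is used, so it cannot back a second, identical proposal before it expires.
contract ProposalSigReplayGuard {
    // Assumed struct layout for the signed data: proposer, hash of the proposal
    // contents/description, and the signer-chosen expiration timestamp.
    bytes32 private constant PROPOSAL_TYPEHASH = keccak256(
        "Proposal(address proposer,bytes32 contentHash,uint256 expirationTimestamp)"
    );
    bytes32 private immutable DOMAIN_SEPARATOR;

    // Mitigation state: signer => proposal digest => already consumed.
    // Keyed by (signer, digest) rather than by the raw signature bytes, because
    // ECDSA malleability yields a second valid encoding of the same signature.
    mapping(address => mapping(bytes32 => bool)) public consumed;

    constructor() {
        DOMAIN_SEPARATOR = keccak256(abi.encode(
            keccak256("EIP712Domain(uint256 chainId,address verifyingContract)"),
            block.chainid,
            address(this)
        ));
    }

    function proposalDigest(address proposer, bytes32 contentHash, uint256 expiration)
        public view returns (bytes32)
    {
        bytes32 structHash = keccak256(abi.encode(PROPOSAL_TYPEHASH, proposer, contentHash, expiration));
        return keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash));
    }

    // Validates one signer's approval and marks it used. Reverts if the signature
    // has expired, does not recover to `signer`, or was already consumed.
    function consumeSignature(
        address signer, address proposer, bytes32 contentHash, uint256 expiration,
        uint8 v, bytes32 r, bytes32 s
    ) internal {
        require(block.timestamp <= expiration, "signature expired");
        bytes32 digest = proposalDigest(proposer, contentHash, expiration);
        require(!consumed[signer][digest], "signature already used"); // the added check
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0) && recovered == signer, "bad signature");
        consumed[signer][digest] = true; // one SSTORE per signer: the gas the sponsor chose to avoid
    }
}
```

A proposal-creation path would call `consumeSignature` once per signer before counting that signer's votes toward the threshold; the same signers can still back a later proposal, but only by signing it again.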