An important proposal can expire during the forking period.
Summary
Succeeded proposals move to the timelock for execution.
During the grace period, they can only be executed.
After this grace period, proposals expire.
And during the forking period, no proposals can be executed.
Some important proposals might expire due to the overlappinggrace period and forking period.
Then we need to recreate the same proposal and gather votes again.
However, this process takes time, and there is no guarantee they will pass again.
Vulnerability Detail
We can only execute the proposals during the grace period in the timelock.
function executeTransaction(
address target,
uint256 value,
string memory signature,
bytes memory data,
uint256 eta
) public returns (bytes memory) {
require(
getBlockTimestamp() >= eta,
"NounsDAOExecutor::executeTransaction: Transaction hasn't surpassed time lock."
);
require(
getBlockTimestamp() <= eta + GRACE_PERIOD,
'NounsDAOExecutor::executeTransaction: Transaction is stale.'
);
}
During the forking period, executing proposals is not possible.
function executeInternal(
NounsDAOTypes.Storage storage ds,
NounsDAOTypes.Proposal storage proposal,
INounsDAOExecutor timelock
) internal {
if (ds.isForkPeriodActive()) revert CannotExecuteDuringForkingPeriod();
}
As a result, some proposals may expire even though they are eligible for execution.
I believe it's intended design and clearly see your point, but as I understand forking will be know a lot of time before it, so the users can be careful with their proposals.
ether_sky
medium
An important proposal can expire during the forking period.
Summary
Succeeded
proposals
move to thetimelock
forexecution
. During thegrace period
, they can only be executed. After thisgrace period
,proposals
expire. And during theforking period
, noproposals
can be executed. Some importantproposals
might expire due to theoverlapping
grace period
andforking period
. Then we need to recreate the sameproposal
and gathervotes
again. However, this process takes time, and there is no guarantee they will pass again.Vulnerability Detail
We can only execute the
proposals
during thegrace period
in thetimelock
.During the
forking period
, executingproposals
is not possible.As a result, some
proposals
may expire even though they are eligible for execution.Impact
Code Snippet
https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/8f6879efaf831eb7fc9d4a4ad2b62b5334220d87/nouns-monorepo/packages/nouns-contracts/contracts/governance/NounsDAOExecutorV2.sol#L178-L185 https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/8f6879efaf831eb7fc9d4a4ad2b62b5334220d87/nouns-monorepo/packages/nouns-contracts/contracts/governance/NounsDAOProposals.sol#L452
Tool used
Manual Review
Recommendation
If the execute
proposal
call is invoked during theforking period
, we can extend theeta
of it to the end of theforking period
.