Closed sherlock-admin3 closed 4 months ago
1 comment(s) were left on this issue during the judging contest.
WangAudit commented:
proposals have to be succeeded and then queued to be executed; I don't think this can happen with cancelled proposals; at least the report decided not to show anything of this plus signature cancellation
auditsbyradev
high
NounsDAOLogicV4.sol
contract - Proposal with canceled signature can be executed
Summary
The Nouns DAO protocol utilizes NFTs (non-fungible tokens) as both a participatory medium and a voting mechanism for governance decisions. In essence, Nouns DAO allows token holders to propose, vote on, and implement changes to the protocol. Proposals can range from adjustments to the protocol's parameters to broader strategic directions. The governance model is designed to be inclusive and decentralized, ensuring that all decisions are made transparently and democratically.
Vulnerability Detail
The problem is that proposals with canceled signatures can be executed. In a standard operating scenario, a proposal is submitted with a signature that verifies the identity and intent of the proposer. This signature is a cryptographic guarantee of the proposal's authenticity and the proposer's consent. However, the vulnerability is that proposals whose signatures have been canceled - either by the proposer retracting their consent or through some other means - can still be executed.
Impact
Malicious actors could exploit this vulnerability to pass proposals that have been publicly canceled or retracted, leading to unauthorized changes in the protocol. The ability to execute proposals with canceled signatures undermines the trust and security model of the DAO. It opens up the potential for proposals to be executed against the original intent of the proposer or without proper authorization. The integrity of the governance process is compromised, as proposals that may have been withdrawn or canceled due to community feedback could still be executed.
Code Snippet
https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/8f6879efaf831eb7fc9d4a4ad2b62b5334220d87/nouns-monorepo/packages/nouns-contracts/contracts/governance/NounsDAOLogicV4.sol#L442-L448
https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/8f6879efaf831eb7fc9d4a4ad2b62b5334220d87/nouns-monorepo/packages/nouns-contracts/contracts/governance/NounsDAOProposals.sol#L437-L466
Tool used
Manual Review
Recommendation
Implement additional checks in the proposal execution process to verify the status of a signature, ensuring it has not been canceled or invalidated before execution.
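As an added illustration of this recommendation (example code written for this page, not Nouns DAO's own; the contract, its names and its storage layout are assumptions, and real EIP-712 signature recovery is left out), a minimal governor that records which signer backs each signature digest and re-checks every digest's cancellation status at execution time, not only when the proposal is created:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical minimal governor (not Nouns DAO code). Signature recovery
/// is assumed to have happened off-path; only the cancellation check is shown.
contract SignedProposalGovernor {
    enum State { Pending, Queued, Executed, Canceled }

    struct Proposal {
        address proposer;
        bytes32[] sigDigests; // digests of the signatures that created it
        State state;
    }

    mapping(uint256 => Proposal) public proposals;
    // signer => signature digest => has the signer canceled it?
    mapping(address => mapping(bytes32 => bool)) public canceledSigs;
    // signature digest => signer it was attributed to at proposal time
    mapping(bytes32 => address) public digestSigner;
    uint256 public proposalCount;

    /// A signer retracts consent for one specific signature digest.
    function cancelSig(bytes32 digest) external {
        canceledSigs[msg.sender][digest] = true;
    }

    /// Create a proposal backed by already-verified signatures (assumption).
    function proposeBySigs(bytes32[] calldata digests, address[] calldata signers)
        external returns (uint256 id)
    {
        require(digests.length == signers.length, "length mismatch");
        id = ++proposalCount;
        Proposal storage p = proposals[id];
        p.proposer = msg.sender;
        for (uint256 i = 0; i < digests.length; i++) {
            require(!canceledSigs[signers[i]][digests[i]], "sig canceled");
            digestSigner[digests[i]] = signers[i];
            p.sigDigests.push(digests[i]);
        }
    }

    /// Voting and timelock are omitted; queue() simply records the transition.
    function queue(uint256 id) external {
        require(proposals[id].state == State.Pending, "not pending");
        proposals[id].state = State.Queued;
    }

    /// The recommended check: refuse execution if any backing signature
    /// was canceled after the proposal was created.
    function execute(uint256 id) external {
        Proposal storage p = proposals[id];
        require(p.state == State.Queued, "not queued");
        for (uint256 i = 0; i < p.sigDigests.length; i++) {
            bytes32 d = p.sigDigests[i];
            require(!canceledSigs[digestSigner[d]][d], "sig canceled");
        }
        p.state = State.Executed;
        // ... perform the proposal's transactions (omitted)
    }
}
```

A signer calling cancelSig(digest) between queue and execute makes execute revert for that proposal, which is the behaviour the recommendation asks for.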