auditsbyradev - `NounsDAOProposals.sol` contract: Description and Transactions of proposals can be changed post-submission

[sherlock-admin3]

auditsbyradev

high

NounsDAOProposals.sol contract: Description and Transactions of proposals can be changed post-submission

Summary

The Nouns DAO protocol uses an advanced governance model, allowing token holders to propose, vote and implement changes to the ecosystem. This model is built around proposals that encapsulate changes ranging from minor tweaks in protocol parameters to significant financial allocations from the DAO treasury. Each proposal goes through a life cycle from creation, through a voting period, to implementation if approved. The integrity of this process is vital to maintaining trust, ensuring community interests are fairly represented, and protecting protocol assets.

Vulnerability Detail

The problem is that the Nouns DAO governance logic, specifically within the NounsDAOProposals.sol contract, allow proposers to update the description and transactions of proposals post-submission. While intended to improve the user experience by incorporating voter feedback directly into the suggestion engine, this feature inadvertently introduces risk. Voters who vote based on initial versions of proposals may not be aware of subsequent material changes, potentially leading to the approval of proposals that are no longer consistent with their original intent.

Impact

Malicious proposers could exploit this feature to initially present benign proposals, gather support, then alter the proposal's intent or financial allocations to serve their interests. Awareness of the potential for proposal manipulation could lead to decreased participation in the voting process, undermining the governance model's legitimacy. Significant treasury assets could be misallocated or stolen if proposals with hidden or late-stage changes are executed, leading to financial loss and reputational damage. The execution of materially altered proposals, especially those involving financial transactions, could expose the DAO to legal and regulatory scrutiny.

Code Snippet

• (NounsDAOProposals.sol#updateProposal())[https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/8f6879efaf831eb7fc9d4a4ad2b62b5334220d87/nouns-monorepo/packages/nouns-contracts/contracts/governance/NounsDAOProposals.sol#L227-L260] function:

  /**
   * @notice Update a proposal transactions and description.
   * Only the proposer can update it, and only during the updateable period.
   * @param proposalId Proposal's id
   * @param targets Updated target addresses for proposal calls
   * @param values Updated eth values for proposal calls
   * @param signatures Updated function signatures for proposal calls
   * @param calldatas Updated calldatas for proposal calls
   * @param description Updated description of the proposal
   * @param updateMessage Short message to explain the update
   */
  function updateProposal(
      NounsDAOTypes.Storage storage ds,
      uint256 proposalId,
      address[] memory targets,
      uint256[] memory values,
      string[] memory signatures,
      bytes[] memory calldatas,
      string memory description,
      string memory updateMessage
  ) external {
      updateProposalTransactionsInternal(ds, proposalId, targets, values, signatures, calldatas);
  
      emit NounsDAOEventsV3.ProposalUpdated(
          proposalId,
          msg.sender,
          targets,
          values,
          signatures,
          calldatas,
          description,
          updateMessage
      );
  }

Tool used

Manual Review

Recommendation

Several mitigations can be done here:

• Implement a feature that prevents any modifications to proposals once the first vote has been cast. This ensures that early voters and late voters are making decisions based on the same information.
• Introduce a versioning system for proposals that undergo modifications before voting begins, along with a transparent change log. This allows voters to review the history of changes before casting their votes.
• Develop a robust notification system that alerts voters of any changes to proposals they've interacted with or expressed interest in, ensuring they are fully informed before making voting decisions.
• Extend the minimum voting delay to a period that allows sufficient time for voters to notice and evaluate updated proposal details, potentially several days, to ensure that updates do not unfairly influence the voting outcome.

[sherlock-admin4]

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

I don't a clear impact from that report; it seems like intended functionality; I don't see how funds can be stolen; plus there are specific onjection periods to vote against

[eladmallel]

Proposals can only be updated during the updatable period, and it's all by design.