Closed sherlock-admin2 closed 1 month ago
The claim that the vote functions do not emit events is incorrect. The claim that these functions allow enacting decisions without a delay is also incorrect are these functions are part of a multi-steps mechanism for governance decision. In any case, the points raised in this issue are outside the scope of this contest.
@telome VoteDelegate.sol is nSLOC 61, and did show up at the scope see scope. apologising for any inconvenience caused. where you are referring to; "are part of a multi-steps mechanism", then I will attempt to say my fault it is not as easy to track everything without documentation wolf thanks. will try co-pilot next time. please send link for your claim, thank you. apologising for any inconvenience made.
0xaliyah
High
h-04
VoteDelegate
Contract Governance roles 0xaliyahSummary
0xaliyah
title:
VoteDelegate
Contract Governance RolesVoteDelegate
contract are allow the delegate to execute votes on governance decisions without the emitting events or using time-lock mechanisms.Vulnerability Detail
vote
methods (vote(address[] memory yays)
andvote(bytes32 slate)
) andvotePoll
methods (votePoll(uint256 pollId, uint256 optionId)
andvotePoll(uint256[] calldata pollIds, uint256[] calldata optionIds)
) have enable the delegate to making the impactful decisions for the protocol governance without transparencyImpact
Code Snippet
poc 01 poc 02 poc poc
Tool used
Manual Review
Recommendation
openzeppelin consensys