In veRAACToken Proposal Snapshot isnt set
Summary
the proposalPowerSnapshots mapping isn't initialized when a proposal is created. The getVotingPowerForProposal function
relies on this snapshot to determine voting power at the proposal's creation time. Without setting this snapshot,
every proposal would have a snapshot block of zero, causing the function to revert and making it impossible to
vote on proposals. This halts governance entirely
Vulnerability Details
The contract lacks logic to set proposalPowerSnapshots when a proposal is created.
Example: Governance proposals are created, but proposalPowerSnapshots[proposalId] remains 0
Impact
All proposals revert due to invalid snapshots.
Governance is paralyzed; no proposals can pass or execute.
Tools Used
manual review
Recommendations
set proposalPowerSnapshots for all proposals
Lead Judging Commences
Governance.castVote uses current voting power instead of proposal creation snapshot, enabling vote manipulation through token transfers and potential double-voting
Governance.castVote uses current voting power instead of proposal creation snapshot, enabling vote manipulation through token transfers and potential double-voting
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.