RAAC has a Governance mechanism that enables veRAAC holders to create and vote on proposals, manage protocol parameters through governance, implement secure timelock execution for proposals, and track proposal states and voting results. This is done through the propose, castVote, execute and cancel functions.
The problem lies in the Governance::cancel logic, where an incorrect check allows valid proposals to be canceled while the proposer's voting power is still above the threshold, rather than below it as the documentation requires.
Malicious users can attack the protocol and halt the proposal system, because any wallet can call the Governance::cancel function.
Code Review
Adjust the conditional to allow cancelations of proposals in which the proposer's voting power has dropped.
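The inverted check beside the corrected one, as an added example that is not RAAC's code. The contract, the `IVotingPower` interface, `register`, the error names and the storage layout are all hypothetical, and treating a proposer exactly at the threshold as still qualifying is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Assumed interface standing in for the veRAAC voting-power lookup.
interface IVotingPower {
    function getVotingPower(address account) external view returns (uint256);
}

// Simplified model of the cancel path only (hypothetical, not RAAC's contract).
contract CancelCheckModel {
    error UnknownOrCanceled(uint256 proposalId);
    error ProposerStillQualifies(uint256 power, uint256 threshold);

    IVotingPower public immutable veToken;
    uint256 public immutable proposalThreshold;
    mapping(uint256 => address) public proposerOf; // zero address = no live proposal

    constructor(IVotingPower veToken_, uint256 proposalThreshold_) {
        veToken = veToken_;
        proposalThreshold = proposalThreshold_;
    }

    // Assumed helper so the model has proposals to cancel.
    function register(uint256 proposalId) external {
        require(proposerOf[proposalId] == address(0), "exists");
        proposerOf[proposalId] = msg.sender;
    }

    // Flawed form as the finding describes it: the comparison points the wrong
    // way, so any caller can cancel while the proposer still holds enough power.
    function cancelFlawed(uint256 proposalId) external {
        uint256 power = _proposerPower(proposalId);
        require(power >= proposalThreshold, "flawed: wrong direction");
        delete proposerOf[proposalId];
    }

    // Corrected form: cancellation succeeds only once the proposer's voting
    // power has dropped below the threshold (">=" at the boundary is assumed).
    function cancelFixed(uint256 proposalId) external {
        uint256 power = _proposerPower(proposalId);
        if (power >= proposalThreshold) revert ProposerStillQualifies(power, proposalThreshold);
        delete proposerOf[proposalId];
    }

    function _proposerPower(uint256 proposalId) private view returns (uint256) {
        address proposer = proposerOf[proposalId];
        if (proposer == address(0)) revert UnknownOrCanceled(proposalId);
        return veToken.getVotingPower(proposer);
    }
}
```

A regression test for the fix should assert that `cancelFixed` reverts for a third-party caller while the proposer's power is at or above the threshold, and succeeds once it falls below.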