Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

No Threshold Check When Executing Proposal

ChainDefenders

Summary

In the Governance.sol contract the execute function is missing a check to verify whether the proposer's voting power has dropped below the threshold, which can lead to the execution of proposals by proposers who no longer meet the required voting power.

Vulnerability Details

The vulnerability arises from the absence of a check in the execute function to ensure that the proposer's voting power is still above the proposal threshold at the time of execution. If the proposer's voting power drops below the threshold after the proposal is created but before it is executed, the proposal can still be executed. This undermines the integrity of the governance process, as proposals should only be executed if the proposer maintains the required voting power throughout the process.

Impact

By allowing proposals to be executed by proposers who no longer meet the required voting power, the protocol may execute proposals that do not have sufficient support. This can lead to the implementation of decisions that do not reflect the consensus of the community, potentially causing governance and operational issues. It undermines the fairness and reliability of the governance process, as proposers who lose their voting power should not be able to push through proposals.

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, add a check in the execute function to verify that the proposer's voting power is still above the proposal threshold before executing the proposal. Here is an example of how to implement this:

function execute(uint256 proposalId) external override nonReentrant {

ProposalCore storage proposal = _proposals[proposalId];

if (proposal.executed) revert ProposalAlreadyExecuted(proposalId, block.timestamp);

// Check if the proposer's voting power is still above the threshold

uint256 proposerVotes = _veToken.getVotingPower(proposal.proposer);

if (proposerVotes < proposalThreshold) {

revert InsufficientProposerVotes(proposal.proposer, proposerVotes, proposalThreshold, "Proposer lost required voting power");

}

ProposalState currentState = state(proposalId);

// Check if the proposal is in the correct state for execution

if (currentState == ProposalState.Succeeded) {

// Queue the proposal

_queueProposal(proposalId);

} else if (currentState == ProposalState.Queued) {

// Execute the queued proposal

_executeProposal(proposalId);

} else {

// If not in Succeeded or Queued state, revert

revert InvalidProposalState(

proposalId,

currentState,

currentState == ProposalState.Active ? ProposalState.Succeeded : ProposalState.Queued,

"Invalid state for execution"

);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!