Submission Details
Severity:
Governance#castVote() can be called when proposal is canceled
Summary
The castVote() allows veToken holders to vote on proposals that have already been canceled.
Vulnerability Details
The castVote does not check whether the proposal has been canceled before allowing votes.
If a proposal is canceled, votes still count but become irrelevant since canceled proposals can never be executed.
This wastes gas fees for voters and can confuse users into believing they are influencing a governance decision.
Impact
veToken holders unknowingly vote on canceled proposals, leading to confusion
Tools Used
manual
Recommendations
Modify castVote() to check if the proposal is canceled before allowing votes.
function castVote(uint256 proposalId, bool support) external override returns (uint256) {
ProposalCore storage proposal = _proposals[proposalId];
+ if (proposal.canceled) revert ProposalCanceled(proposalId, block.timestamp);
if (proposal.startTime == 0) revert("Porposal canceled");
...
}
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
Governance::castVote lacks canceled/executed proposal check, allowing users to waste gas voting on proposals that can never be executed
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
Governance::castVote lacks canceled/executed proposal check, allowing users to waste gas voting on proposals that can never be executed
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.