Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Unrestricted Voting on Cancelled and Executed Proposals in Governance::castVote Function

Summary

The castVote function in the Governance contract currently permits users to vote on proposals that have been either cancelled or executed. This oversight can lead to governance manipulation and inconsistencies within the contract's state.

Vulnerability Details

  • Issue: The function lacks checks to determine whether a proposal has been cancelled or executed before allowing a vote.

  • Missing Validations:

    • Cancelled Proposals: There is no condition to prevent voting on proposals that have been cancelled.

    • Executed Proposals: Similarly, the function does not check if a proposal has already been executed.
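The two missing validations above, shown as an added sketch that is not the audited Governance contract: a time-window-only guard next to a guard derived from a `state()` function that tests terminal flags first. The contract name, the `canceled` and `executed` flags, the `Ended` state, the `ProposalNotActive` error and the constructor fixture are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: a hypothetical minimal model, not the audited Governance contract.
contract VoteGuardSketch {
    enum ProposalState { Pending, Active, Canceled, Ended, Executed }

    struct Proposal {
        uint256 startTime;
        uint256 endTime;
        bool canceled; // assumed flag, set by a cancel path not modelled here
        bool executed; // assumed flag, set by an execute path not modelled here
    }

    error ProposalDoesNotExist(uint256 proposalId);
    error ProposalNotActive(uint256 proposalId, ProposalState current);

    mapping(uint256 => Proposal) internal _proposals;

    // Constructed fixture: proposal 1 is inside its voting window but already cancelled.
    constructor() {
        _proposals[1] = Proposal(block.timestamp, block.timestamp + 7 days, true, false);
    }

    // Terminal flags are tested before any timestamp comparison, so a cancelled
    // or executed proposal is never reported as Active.
    function state(uint256 id) public view returns (ProposalState) {
        Proposal storage p = _proposals[id];
        if (p.startTime == 0) revert ProposalDoesNotExist(id);
        if (p.canceled) return ProposalState.Canceled;
        if (p.executed) return ProposalState.Executed;
        if (block.timestamp < p.startTime) return ProposalState.Pending;
        if (block.timestamp <= p.endTime) return ProposalState.Active;
        return ProposalState.Ended; // vote tallying omitted in this sketch
    }

    // Time-window-only guard: never reads the canceled/executed flags, so a
    // cancelled proposal inside its window still counts as votable.
    function votableByTimeOnly(uint256 id) external view returns (bool) {
        Proposal storage p = _proposals[id];
        return p.startTime != 0 && block.timestamp >= p.startTime && block.timestamp <= p.endTime;
    }

    // State-derived guard: anything other than Active is rejected, and the
    // revert data carries the state that blocked the vote.
    function requireVotable(uint256 id) external view {
        ProposalState s = state(id);
        if (s != ProposalState.Active) revert ProposalNotActive(id, s);
    }
}
```

The state-derived guard is only as sound as the ordering inside `state()`: if the timestamp comparisons ran before the flag checks, a cancelled proposal would still be reported as Active.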

Impact

  • Governance Manipulation: Allowing votes on cancelled or executed proposals can lead to unauthorized influence over governance decisions.

  • State Inconsistency: Voting on such proposals may result in discrepancies within the contract's state, affecting its integrity.

Tools Used

Manual Review

Recommendations

Implement additional checks within the castVote function to ensure that only active proposals can be voted upon.

function castVote(uint256 proposalId, bool support) external override returns (uint256) {
ProposalCore storage proposal = _proposals[proposalId];
++ ProposalState currentState = state(proposalId);
++ require(currentState == ProposalState.Active, "Proposal is not active");
-- if (proposal.startTime == 0) revert ProposalDoesNotExist(proposalId);
-- if (block.timestamp < proposal.startTime) {
-- revert VotingNotStarted(proposalId, proposal.startTime, block.timestamp);
-- }
-- if (block.timestamp > proposal.endTime) {
-- revert VotingEnded(proposalId, proposal.endTime, block.timestamp);
-- }
ProposalVote storage proposalVote = _proposalVotes[proposalId];
if (proposalVote.hasVoted[msg.sender]) {
revert AlreadyVoted(proposalId, msg.sender, block.timestamp);
}
uint256 weight = _veToken.getVotingPower(msg.sender);
if (weight == 0) {
revert NoVotingPower(msg.sender, block.number);
}
proposalVote.hasVoted[msg.sender] = true;
if (support) {
proposalVote.forVotes += weight;
} else {
proposalVote.againstVotes += weight;
}
emit VoteCast(msg.sender, proposalId, support, weight, "");
return weight;
}
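Review bot: the added require(currentState == ProposalState.Active, "Proposal is not active") replaces three custom-error reverts (ProposalDoesNotExist, VotingNotStarted, VotingEnded) with a single string revert, so callers lose the proposal id and timestamps that the removed lines reported. Consider a custom error that carries proposalId and currentState, and keep the proposal.startTime == 0 existence check unless state() is confirmed to revert for unknown ids, which is not visible in this snippet. With the time checks removed, the proposal storage reference declared on the first line of the body is no longer read in the lines shown and can be dropped.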
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Governance::castVote lacks canceled/executed proposal check, allowing users to waste gas voting on proposals that can never be executed
