Submission Details
Severity:
Governance's execute() is not payable
Summary
Governance's execute() is not payable.
Vulnerability Details
A governance proposal is mainly composed of targets, values and calldatas. values speicifies ETH values for calls, and the it is expected to send ETH when execute a proposal if the value in values is not 0.
However, execute() is not payable, this means no calls require ETH value can be executed.
function execute(uint256 proposalId) external override nonReentrant {
Impact
Proposals that need to send ETH value cannot be executed.
Tools Used
Manual Review
Recommendations
Considering make execute() payable.
- function execute(uint256 proposalId) external override nonReentrant {
+ function execute(uint256 proposalId) external override payable nonReentrant {
Updates
Lead Judging Commences
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
Governance.execute lacks payable modifier and ETH forwarding mechanism, preventing proposals with ETH transfers from being executed through TimelockController
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
Governance.execute lacks payable modifier and ETH forwarding mechanism, preventing proposals with ETH transfers from being executed through TimelockController
Appeal created
h2134
3 months ago
inallhonesty
3 months ago
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
Governance.execute lacks payable modifier and ETH forwarding mechanism, preventing proposals with ETH transfers from being executed through TimelockController
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.