Core Contracts

Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Submission Details
Severity: low
Valid

Governance's execute() is not payable

Summary

Governance's execute() is not payable.

Vulnerability Details

A governance proposal is mainly composed of targets, values and calldatas. values speicifies ETH values for calls, and the it is expected to send ETH when execute a proposal if the value in values is not 0.

However, execute() is not payable, this means no calls require ETH value can be executed.

Governance::execute()

function execute(uint256 proposalId) external override nonReentrant {

Impact

Proposals that need to send ETH value cannot be executed.

Tools Used

Manual Review

Recommendations

Considering make execute() payable.

- function execute(uint256 proposalId) external override nonReentrant {
+ function execute(uint256 proposalId) external override payable nonReentrant {
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Governance.execute lacks payable modifier and ETH forwarding mechanism, preventing proposals with ETH transfers from being executed through TimelockController

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Governance.execute lacks payable modifier and ETH forwarding mechanism, preventing proposals with ETH transfers from being executed through TimelockController

Appeal created

h2134 Submitter
3 months ago
inallhonesty Lead Judge
3 months ago
inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Governance.execute lacks payable modifier and ETH forwarding mechanism, preventing proposals with ETH transfers from being executed through TimelockController

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.