Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Canceled Proposal Voting Issue

Summary

The current implementation of the castVote function in the governance contract allows votes to be cast on proposals that have been canceled. This oversight can lead to wasted resources for voters and confusion regarding the status of proposals.

Current Code Issue

The relevant code snippet is as follows:

function castVote(...) {
    // No check for proposal.canceled
}

Issue Explanation

  1. Lack of Canceled Check: The castVote function does not include a check to determine if the proposal has been canceled. This means that even if a proposal is marked as canceled by an admin, voters can still cast their votes during the voting period.

  2. Impact on Voter Resources: Voters may invest time and resources into voting for a proposal that has already been canceled. This not only wastes their efforts but also creates confusion regarding the status of the proposal.

  3. Votes Counted but Unused: Votes cast for a canceled proposal may still be counted in the system, leading to a false impression of support or opposition for that proposal. Since the proposal is canceled, these votes are effectively meaningless and cannot influence any decision-making.

Example Attack Scenario

  • Proposal Creation: A proposal is created and enters the voting period.

  • Proposal Cancellation: The admin cancels the proposal, but the system does not prevent further voting.

  • Voting Continues: Voters continue to cast their votes for the next 7 days, believing their votes will count.

  • Outcome: At the end of the voting period, the votes are counted, but since the proposal was canceled, they have no effect. This leads to wasted resources and potential confusion among voters.

Conclusion

This vulnerability is of high severity because it undermines the integrity of the voting process. Allowing votes to be cast on canceled proposals can lead to wasted resources, confusion, and a lack of trust in the governance system.

Recommended Mitigation

To address this vulnerability, the castVote function should include a check to determine if the proposal has been canceled before allowing any votes to be cast. This ensures that only valid proposals can receive votes.

Proposed Code Update

Here’s a simplified version of how the castVote function could be modified to include a check for proposal cancellation:

function castVote(uint256 proposalId, bool support) external {
    Proposal storage proposal = proposals[proposalId];
    // Check if the proposal has been canceled
    if (proposal.canceled) {
        revert ProposalCanceled(proposalId);
    }
    // Proceed with casting the vote
    // ... existing voting logic ...
}

By implementing this change, the governance contract can prevent votes from being cast on canceled proposals, thereby preserving the integrity of the voting process and protecting voter resources.
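The guard in context, as an added example that is not the audited contract's code: a constructed minimal governance contract whose castVote rejects both canceled and executed proposals (the executed case goes beyond the snippet above and follows the judge's finding tag). The contract name, struct layout, error names other than ProposalCanceled, the single-admin model, the 7-day window and one vote per address are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed minimal governance contract for illustration only; the struct
/// layout, admin model and voting window are assumptions, not the audited code.
contract MinimalGovernance {
    struct Proposal {
        uint256 endTime;      // 0 means the proposal does not exist
        uint256 forVotes;
        uint256 againstVotes;
        bool canceled;
        bool executed;        // set by an execute() path, omitted here
    }

    error ProposalDoesNotExist(uint256 proposalId);
    error ProposalCanceled(uint256 proposalId);
    error ProposalAlreadyExecuted(uint256 proposalId);
    error VotingClosed(uint256 proposalId);
    error AlreadyVoted(uint256 proposalId, address voter);
    error NotAdmin();

    address public immutable admin = msg.sender;
    uint256 public proposalCount;
    mapping(uint256 => Proposal) public proposals;
    mapping(uint256 => mapping(address => bool)) public hasVoted;

    function propose() external returns (uint256 id) {
        id = ++proposalCount;
        proposals[id].endTime = block.timestamp + 7 days;
    }

    function cancel(uint256 proposalId) external {
        if (msg.sender != admin) revert NotAdmin();
        proposals[proposalId].canceled = true;
    }

    function castVote(uint256 proposalId, bool support) external {
        Proposal storage p = proposals[proposalId];
        if (p.endTime == 0) revert ProposalDoesNotExist(proposalId);
        // Terminal states are rejected before any vote state is written.
        if (p.canceled) revert ProposalCanceled(proposalId);
        if (p.executed) revert ProposalAlreadyExecuted(proposalId);
        if (block.timestamp > p.endTime) revert VotingClosed(proposalId);
        if (hasVoted[proposalId][msg.sender]) revert AlreadyVoted(proposalId, msg.sender);
        hasVoted[proposalId][msg.sender] = true;
        if (support) p.forVotes += 1; else p.againstVotes += 1;
    }
}
```

A regression test for the fix would call propose, cancel, then castVote, and expect the ProposalCanceled revert with both vote tallies still at zero.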

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Governance::castVote lacks canceled/executed proposal check, allowing users to waste gas voting on proposals that can never be executed
