The current implementation of the governance contract allows for queued proposals to be executed even after they have been canceled by governance. This oversight can lead to significant issues, as it undermines the intent of the cancellation process and can result in unwanted actions being executed.
Canceling Proposal Doesn't Cancel Timelock Operations: When a proposal is canceled, the corresponding timelock operation remains pending and can still be executed after the specified delay.
Queued Proposals Execute After Governance Cancellation: If a proposal is queued in the timelock and then canceled by governance, the timelock will still execute the proposal after the delay, leading to actions that were intended to be aborted.
A proposal is queued in the timelock.
Governance cancels the proposal.
The timelock still executes the proposal after the delay, despite the cancellation.
To address this vulnerability, the cancellation function should include logic to cancel any pending operations in the timelock when a proposal is canceled. This ensures that no actions are executed after a proposal has been canceled.
Here’s how the cancel function could be modified to include this logic:
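One way the modified cancel function could look, as an added sketch that is not the project's or the submission's own code. The `ITimelock` interface (modelled on OpenZeppelin's TimelockController), the `Proposal` layout, and the `_authorizeCancel` hook are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed timelock interface, modelled on OpenZeppelin's TimelockController.
interface ITimelock {
    function isOperationPending(bytes32 id) external view returns (bool);
    function cancel(bytes32 id) external;
}

// Hypothetical governor fragment: only the state needed to show the fix.
abstract contract GovernorCancelSketch {
    enum State { Pending, Queued, Executed, Canceled }

    struct Proposal {
        State state;
        bytes32 timelockId; // operation id recorded when the proposal was queued
    }

    ITimelock public immutable timelock;
    mapping(uint256 => Proposal) internal proposals;

    event ProposalCanceled(uint256 indexed proposalId);

    constructor(ITimelock timelock_) {
        timelock = timelock_;
    }

    // Access control is left to the concrete contract (assumption).
    function _authorizeCancel(uint256 proposalId) internal view virtual;

    function cancel(uint256 proposalId) external {
        _authorizeCancel(proposalId);
        Proposal storage p = proposals[proposalId];
        require(p.state != State.Executed && p.state != State.Canceled, "not cancelable");

        // Effects first: mark the proposal canceled and clear the stored id.
        bytes32 id = p.timelockId;
        p.state = State.Canceled;
        delete p.timelockId;

        // The missing step: cancel the pending timelock operation as well,
        // so it cannot be executed once the delay elapses.
        if (id != bytes32(0) && timelock.isOperationPending(id)) {
            timelock.cancel(id);
        }
        emit ProposalCanceled(proposalId);
    }
}
```

For `timelock.cancel` to succeed, the governor contract must itself be authorized to cancel operations on the timelock.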
Implementing this change will ensure that queued proposals cannot be executed after they have been canceled by governance, thereby preserving the integrity of the governance process.