Voting still possible on canceled proposals
Summary
In the governance system, veToken holders can vote on active proposals via Governance.sol::castVote(). However, the contract does not properly check if a proposal has already been canceled before allowing users to cast their vote.
As a result, users can still submit votes on proposals that are no longer valid, leading to unnecessary and ineffective voting.
Impact
Users can vote on proposals that have already been canceled, resulting in useless voting and unnecessary gas costs.
PoC
A governance proposal is created and open for voting.
Some users start voting.
The proposal is later canceled
Despite being canceled, users can still cast votes using castVote().
Tools Used
Manual review
Recommendations
Add check in castVote that ensures the proposal is not canceled.
For example add this code:
Lead Judging Commences
Governance::castVote lacks canceled/executed proposal check, allowing users to waste gas voting on proposals that can never be executed
Governance::castVote lacks canceled/executed proposal check, allowing users to waste gas voting on proposals that can never be executed
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.