The cancel() function in the Governance contract contains a faulty conditional check that allows malicious actors to cancel valid active proposals even when the proposer retains sufficient voting power. This introduces a governance flaw where legitimate proposals can be arbitrarily removed, disrupting governance and decision-making processes.
Issue in cancel() Function:
The function intends to allow cancellation if either of the following holds:
The caller is the proposer.
The proposer's voting power has dropped below the required threshold.
However, the implemented check:
Flaws:
The condition allows anyone to cancel a valid active proposal while the proposer's voting power is still above the threshold, the opposite of the intended rule.
This creates a significant governance risk, since active proposals can be maliciously removed.
A legitimate proposal with an eligible proposer can be canceled by external actors, disrupting governance operations.
Malicious actors can cancel valid active proposals.
Proposers lose control over their valid proposals.
Disrupts governance by arbitrarily removing proposals.
External manipulation of governance processes.
Manual
Consider making the following fix:
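As an added illustration (not the audited contract's code), the hypothetical minimal governor below shows a flawed cancel check beside the corrected one. The page does not show the original condition, so the inverted `>=` comparison, the contract and function names, and the votingPower mapping standing in for a checkpointed votes lookup are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal governor (not the audited contract); the inverted
// comparison in cancelFlawed() is an assumed shape of the bug described above.
contract GovernorCancelExample {
    enum ProposalState { Active, Canceled }

    struct Proposal {
        address proposer;
        ProposalState state;
    }

    uint256 public constant PROPOSAL_THRESHOLD = 100e18;
    uint256 public proposalCount;
    mapping(uint256 => Proposal) public proposals;
    // Assumed stand-in for a checkpointed getPriorVotes()-style lookup.
    mapping(address => uint256) public votingPower;

    // Demo-only helper so the example can be exercised; a real governor reads votes from the token.
    function setVotingPower(address who, uint256 amount) external { votingPower[who] = amount; }

    function propose() external returns (uint256 id) {
        require(votingPower[msg.sender] >= PROPOSAL_THRESHOLD, "below threshold");
        id = ++proposalCount;
        proposals[id] = Proposal(msg.sender, ProposalState.Active);
    }

    // Flawed shape: the second operand is inverted, so ANY caller may cancel
    // while the proposer still holds at least the threshold.
    function cancelFlawed(uint256 id) external {
        Proposal storage p = proposals[id];
        require(p.state == ProposalState.Active, "not active");
        require(
            msg.sender == p.proposer || votingPower[p.proposer] >= PROPOSAL_THRESHOLD,
            "cannot cancel"
        );
        p.state = ProposalState.Canceled;
    }

    // Corrected check: the proposer may always cancel; anyone else only once
    // the proposer's voting power has dropped below the threshold.
    function cancel(uint256 id) external {
        Proposal storage p = proposals[id];
        require(p.state == ProposalState.Active, "not active");
        require(
            msg.sender == p.proposer || votingPower[p.proposer] < PROPOSAL_THRESHOLD,
            "cannot cancel"
        );
        p.state = ProposalState.Canceled;
    }
}
```

A unit test that calls cancelFlawed() from a non-proposer account while the proposer still holds PROPOSAL_THRESHOLD should succeed, and the same call against cancel() should revert with "cannot cancel"; that pair of cases is the regression check for this finding.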