In the Governance.sol contract, the cancel function can be called by anyone if the proposer's voting power drops below the proposal threshold over time, allowing malicious actors to cancel proposals.
The vulnerability arises from the cancel function, which allows anyone to cancel a proposal if the proposer's voting power drops below the proposal threshold. Because a proposer's voting power decays linearly over time as a result of how it is calculated, it can drop below the threshold during the proposal's lifecycle. Any user can then call the cancel function and cancel the proposal, even though the proposer initially had sufficient voting power.
Consider the following scenario:
1. A user creates a proposal with sufficient voting power (e.g., 150,000) above the proposal threshold (e.g., 100,000).
2. Over time, the user's voting power decays linearly due to the nature of its calculation.
3. Before the proposal is executed, the user's voting power drops below the proposal threshold (e.g., to 90,000).
4. Any user can now call the cancel function and cancel the proposal, even if the proposal had significant support.
By allowing anyone to cancel a proposal if the proposer's voting power drops below the threshold, the protocol introduces a potential attack vector where malicious actors can disrupt the governance process. Proposals that have significant support and are close to execution can be canceled, undermining the integrity and reliability of the governance system. This can lead to frustration among users and a lack of trust in the protocol's governance mechanisms.
Manual Review
To mitigate this vulnerability, update the cancel function to restrict cancellation to a whitelist of users or abolish the cancel functionality as a whole.
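The cancel behaviour described above, next to the whitelist form the recommendation calls for, as an added sketch that is not the audited Governance.sol. The `IVotingPower` interface, the contract, and every function, error and variable name are hypothetical, and the voting-power source is assumed to return the current decayed value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not the audited Governance.sol; every name here is hypothetical.
interface IVotingPower {
    // Assumed to return the account's current (linearly decaying) voting power.
    function getVotes(address account) external view returns (uint256);
}

contract CancelGuardSketch {
    struct Proposal { address proposer; bool canceled; bool executed; }
    IVotingPower public immutable votingPower;
    uint256 public immutable proposalThreshold;
    uint256 public proposalCount;
    mapping(uint256 => Proposal) public proposals;
    mapping(address => bool) public canCancel; // whitelist from the recommendation

    error NotAuthorized(); error ProposalClosed();
    error BelowThreshold(); error StillAboveThreshold();

    constructor(IVotingPower power, uint256 threshold, address[] memory cancellers) {
        votingPower = power;
        proposalThreshold = threshold;
        for (uint256 i = 0; i < cancellers.length; i++) canCancel[cancellers[i]] = true;
    }

    function propose() external returns (uint256 id) {
        if (votingPower.getVotes(msg.sender) < proposalThreshold) revert BelowThreshold();
        id = ++proposalCount;
        proposals[id].proposer = msg.sender;
    }

    // Behaviour described in the finding: no caller check, and the proposer's power is
    // read at call time, so decay alone eventually makes the proposal cancellable.
    function cancelAsReported(uint256 id) external {
        Proposal storage p = proposals[id];
        if (p.proposer == address(0) || p.canceled || p.executed) revert ProposalClosed();
        if (votingPower.getVotes(p.proposer) >= proposalThreshold) revert StillAboveThreshold();
        p.canceled = true;
    }

    // Recommended form: cancellation is limited to whitelisted accounts.
    function cancelRestricted(uint256 id) external {
        if (!canCancel[msg.sender]) revert NotAuthorized();
        Proposal storage p = proposals[id];
        if (p.proposer == address(0) || p.canceled || p.executed) revert ProposalClosed();
        p.canceled = true;
    }
}
```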