Incorrect Voting Window Check in `castVote` Function
Summary
The castVote function in the governance contract allows veToken holders to vote on active proposals. However, the check for whether voting has ended incorrectly uses > instead of >=, which means that voting is still allowed when block.timestamp is exactly equal to proposal.endTime.
Vulnerability Details
-
The function currently checks:
if (block.timestamp > proposal.endTime) {revert VotingEnded(proposalId, proposal.endTime, block.timestamp);} -
This allows votes to be cast when
block.timestamp == proposal.endTime, which may not align with the intended voting period restrictions. -
If the expectation is that voting should strictly close at the
endTime, then>=should be used instead.
Impact
Users may be able to vote at the exact end time of the proposal, which may not be the intended behavior.
Could lead to discrepancies in governance decisions if the final vote is cast after the expected deadline.
Tools Used
Manual code review
Recommendations
-
Modify the condition to correctly prevent voting when
block.timestampreachesproposal.endTime:if (block.timestamp >= proposal.endTime) {revert VotingEnded(proposalId, proposal.endTime, block.timestamp);} -
Ensure that proposal deadlines are consistently enforced across all governance-related functions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.