Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Incorrect Quorum Calculation in Governance::quorum

0xbz

Summary

The quorum function in the Governance contract calculates the required quorum as (_veToken.getTotalVotingPower() * quorumNumerator) / QUORUM_DENOMINATOR. However, if the quorumNumerator is updated via the setParameter function during an ongoing vote, it affects all active proposals. This introduces a vulnerability where quorum requirements can be altered mid-vote, potentially causing proposals to unexpectedly fail or succeed.

Vulnerability Details

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/governance/proposals/Governance.sol#L353

The quorum function calculates the required quorum as (_veToken.getTotalVotingPower() * quorumNumerator) / QUORUM_DENOMINATOR, but updating quorumNumerator via setParameter affects all ongoing proposals, potentially altering quorum requirements mid-vote.

  • quorum() calculates: (totalVotingPower * quorumNumerator) / 100

  • Default: (totalVotingPower * 4) / 100 = 4% of total veRAAC supply.

  • quorumNumerator is adjustable via setParameter (range: 2–20).

  • state calls quorum() live when determining if a proposal is Defeated or Succeeded.

  • If quorumNumerator changes during the voting period (startTime toendTime, default 7 days), the requiredQuorum for an active proposal updates immediately.`

Example

  • Total veRAAC supply = 100M.

  • Proposal 1 starts with quorumNumerator = 4 → Required quorum = 4M votes.

  • Day 3 of voting: 3M votes cast (for: 2M, against: 1M) → Below quorum, still Active.

  • Owner calls setParameter(QuorumNumerator, 2) → New quorum = 2M votes.

  • state(1) now returns Succeeded (3M > 2M, for > against), even though voters expected 4M.

  • Reverse case: Increase to 10 (10M quorum) → Fails mid-vote despite nearing 4M.

Updating quorumNumerator mid-vote retroactively changes the quorum requirement for ongoing proposals, altering their outcome unpredictably.

Impact

  • Proposals may pass or fail due to changes in the quorum requirements during their voting period

  • Voters assess proposals based on the quorum at creation (e.g., 4%). Mid-vote changes (e.g., to 2% or 10%) shift the goalposts, making outcomes inconsistent with initial expectations.

Tools Used

Recommendations

  • Modify the propose function to store the quorum requirement (quorumNumerator) at the time of proposal creation.

  • Also store quorumNumerator for each proposal instead of the global value.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Governance allows execution of previously-defeated proposals if quorum requirements are later lowered, enabling unexpected resurrection of old proposals

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Governance allows execution of previously-defeated proposals if quorum requirements are later lowered, enabling unexpected resurrection of old proposals

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!