Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Automatic Cancellation Not Implemented in Cancel Function in Governance Contract

xcrypt

Summary

The cancel function is documented (in comments) to allow "automatic cancellation if the proposer loses required voting power." However, the implementation does not automatically cancel proposals when the proposer's voting power falls below the threshold. Instead, the function reverts if proposer's voting power falls below threshold, meaning cancellation is not automatic executed.

Vulnerability Details

Affected Function:

function cancel(uint256 proposalId) external override {
ProposalCore storage proposal = _proposals[proposalId];
if (proposal.startTime == 0) revert ProposalDoesNotExist(proposalId);

ProposalState currentState = state(proposalId);
if (currentState == ProposalState.Executed) {
revert InvalidProposalState(proposalId, currentState, ProposalState.Active, "Cannot cancel executed proposal");
}

// Only proposer or if proposer's voting power dropped below threshold
if (msg.sender != proposal.proposer &&
_veToken.getVotingPower(proposal.proposer) >= proposalThreshold) {
revert InsufficientProposerVotes(proposal.proposer,
_veToken.getVotingPower(proposal.proposer), proposalThreshold, "Proposer lost required voting power");
}

proposal.canceled = true;
emit ProposalCanceled(proposalId, msg.sender, "Proposal canceled by proposer");
}
Issue:
The comment states that the proposal should be automatically cancelled if the proposer's voting power falls below the required threshold. However, the function merely reverts if a non-proposer calls cancel while the proposer still holds sufficient voting power, and does nothing to trigger automatic cancellation when the threshold is no longer met.
Expected Behavior:
The proposal should be cancelled automatically (or at least allow any user to cancel without reverting) once the proposer's voting power drops below proposalThreshold. This could be achieved by automatically setting proposal.canceled = true without requiring an external call that checks the voting power.

Impact

Inconsistent Proposal State:
Proposals may remain active even after the proposer's voting power falls below the required threshold, which could undermine the governance process.

Tools Used

Manual Code Review

Recommendations

Implement Automatic Cancellation Logic:
Modify the cancel function (or add a separate mechanism) to automatically cancel proposals when the proposer's voting power drops below the threshold without requiring an external cancellation call.
Update Documentation:
Ensure that the documentation accurately reflects the implemented behavior if automatic cancellation is not feasible, or update the code to match the intended functionality.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!