Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Lack of a veto power in Governance.sol allows for 51% attacks.

Summary

A veto power is important functionality in a governance system because it protects against malicious proposals. Governance.sol lacks this functionality; as a result, the protocol is vulnerable to 51% attacks.

Vulnerability Details

In Governance.sol, proposals can be made, voted on, and executed or cancelled through the timelock controller. Casting a vote on a proposal queries the user's voting power (weight) and adds that weight to the proposal's for or against votes.

```solidity
function castVote(uint256 proposalId, bool support) external override returns (uint256) {
    ProposalCore storage proposal = _proposals[proposalId];
    if (proposal.startTime == 0) revert ProposalDoesNotExist(proposalId);
    if (block.timestamp < proposal.startTime) {
        revert VotingNotStarted(proposalId, proposal.startTime, block.timestamp);
    }
    if (block.timestamp > proposal.endTime) {
        revert VotingEnded(proposalId, proposal.endTime, block.timestamp);
    }
    ProposalVote storage proposalVote = _proposalVotes[proposalId];
    if (proposalVote.hasVoted[msg.sender]) {
        revert AlreadyVoted(proposalId, msg.sender, block.timestamp);
    }
    uint256 weight = _veToken.getVotingPower(msg.sender); // <-- weight comes straight from the veRAAC balance
    if (weight == 0) {
        revert NoVotingPower(msg.sender, block.number);
    }
    proposalVote.hasVoted[msg.sender] = true;
    if (support) {
        proposalVote.forVotes += weight;     // <-- no cap, no veto check
    } else {
        proposalVote.againstVotes += weight; // <-- no cap, no veto check
    }
    emit VoteCast(msg.sender, proposalId, support, weight, "");
    return weight;
}
```

While veRAAC tokens are non-transferable, the underlying RAAC token can be transferred and locked for veRAAC. Nothing prevents a whale or a group of malicious actors from accumulating a lot of RAAC and keeping it under central control, e.g. a smart contract. The tokens can then be locked for veRAAC, granting them a large voting power (potentially a large share of all available veRAAC).

With this power, proposals that cannot be challenged can be made and voted on. Because of the concentrated voting power, quorum is easily reached and the proposal can be executed; conversely, any proposal these actors do not support can be voted down.

Impact

Since there's no veto power to vote against these types of proposals, it's possible for malicious actors to achieve a 51% attack on the governance system leading to a potential loss of DAO control.

Tools Used

Manual Review

Recommendations

The easiest fix is to introduce a veto power in Governance.sol.
Another option would be to limit the amount of veRAAC that can be minted to a single account. While not very effective against sybils, this would go a long way towards limiting a single address's hold over a large share of the veRAAC supply.
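The two recommendations above, sketched as an added example. This is not the RAAC project's code: the `guardian` address, the `ProposalState` enum, `MAX_SHARE_BPS` and `CAP_ACTIVATION_TOTAL` are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this report; not the RAAC project's code. The names
// guardian, ProposalState, MAX_SHARE_BPS and CAP_ACTIVATION_TOTAL are assumptions.

/// Recommendation 1: a guardian veto that can stop a queued proposal before the
/// timelock delay elapses. A captured majority can still pass a proposal, but it
/// cannot execute it while the guardian objects.
contract VetoableGovernance {
    enum ProposalState { Pending, Active, Queued, Vetoed, Executed }

    struct ProposalCore {
        uint64 startTime;
        uint64 endTime;
        uint64 executeAfter;    // end of the timelock delay
        ProposalState state;
    }

    address public immutable guardian;       // e.g. a security-council multisig (assumption)
    mapping(uint256 => ProposalCore) internal _proposals;

    event ProposalVetoed(uint256 indexed proposalId, address indexed by, string reason);

    error NotGuardian(address caller);
    error NotQueued(uint256 proposalId);
    error VetoedProposal(uint256 proposalId);
    error TimelockNotElapsed(uint256 proposalId, uint64 executeAfter, uint256 nowTs);

    constructor(address guardian_) {
        guardian = guardian_;
    }

    /// Only the guardian, and only while the proposal sits in the timelock queue.
    function veto(uint256 proposalId, string calldata reason) external {
        if (msg.sender != guardian) revert NotGuardian(msg.sender);
        ProposalCore storage p = _proposals[proposalId];
        if (p.state != ProposalState.Queued) revert NotQueued(proposalId);
        p.state = ProposalState.Vetoed;       // terminal: cannot be re-queued or executed
        emit ProposalVetoed(proposalId, msg.sender, reason);
    }

    /// Execution re-checks the state so a veto cast during the delay is honoured.
    function execute(uint256 proposalId) external {
        ProposalCore storage p = _proposals[proposalId];
        if (p.state == ProposalState.Vetoed) revert VetoedProposal(proposalId);
        if (p.state != ProposalState.Queued) revert NotQueued(proposalId);
        if (block.timestamp < p.executeAfter) {
            revert TimelockNotElapsed(proposalId, p.executeAfter, block.timestamp);
        }
        p.state = ProposalState.Executed;
        // ... forward the proposal's calls to the timelock target here
    }
}

/// Recommendation 2: cap the share of locked supply any single account may hold.
/// Sybil accounts can split a position, so this only raises the cost of capture;
/// it complements the veto rather than replacing it.
contract CappedLock {
    uint256 public constant MAX_SHARE_BPS = 1_000;          // 10% of total locked (assumption)
    uint256 public constant CAP_ACTIVATION_TOTAL = 1_000e18; // cap enforced once the pool is this big (assumption)
    mapping(address => uint256) public locked;
    uint256 public totalLocked;

    error LockCapExceeded(address account, uint256 resulting, uint256 cap);

    function lock(uint256 amount) external {
        uint256 newTotal = totalLocked + amount;
        uint256 newBalance = locked[msg.sender] + amount;
        // The cap is measured against the post-lock total, and only once the pool
        // has bootstrapped; otherwise the very first locker would always exceed it.
        if (totalLocked >= CAP_ACTIVATION_TOTAL) {
            uint256 cap = newTotal * MAX_SHARE_BPS / 10_000;
            if (newBalance > cap) revert LockCapExceeded(msg.sender, newBalance, cap);
        }
        locked[msg.sender] = newBalance;
        totalLocked = newTotal;
        // ... pull RAAC from msg.sender and mint veRAAC here
    }
}
```

The veto is deliberately restricted to the `Queued` state: the timelock delay is what gives the guardian a window to act, and `execute` re-reads the state so a veto landing during that delay cannot be bypassed. The lock cap is checked at lock time rather than at vote time so that an oversized position is never minted in the first place.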

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
