Submission Details
Severity:
Lack of Proposal Uniqueness Due to Missing Duplicate Checks in Governance::propose
Summary
The propose function in the Governance contract doesn’t prevent identical proposals (same targets, values, calldatas, description) from being created multiple times, allowing spam and clutter.
Vulnerability Details
The
proposefunction does not check for the uniqueness of proposals before creating them.A proposal is uniquely identified by its
targets,values,calldatas, anddescription. However, no validation exists to ensure that a proposal with the same parameters has not already been created.
function propose(
address[] memory targets,
uint256[] memory values,
bytes[] memory calldatas,
string memory description,
ProposalType proposalType
) external override returns (uint256) {
...
// No check for duplicate proposals
uint256 proposalId = _proposalCount++;
...
}
Impact
Tools Used
Recommendations
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
Governance generates non-unique timelock operation IDs for different proposals with identical parameters, allowing timelock bypass and proposal DoS attacks
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
Governance generates non-unique timelock operation IDs for different proposals with identical parameters, allowing timelock bypass and proposal DoS attacks
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.