Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Uninitialized `veRAACToken::proposalPowerSnapshots` Mapping Leading to Reverts in `veRAACToken::getVotingPowerForProposal`

0x23r0

Summary

The proposalPowerSnapshots mapping is never initialized or updated. This mapping is used in the getVotingPowerForProposal function to retrieve the voting power of an account at a specific proposal's snapshot block. However, since the mapping is never set, the function will always revert with InvalidProposal(), rendering it unusable. This issue affects the governance functionality of the protocol, as users cannot retrieve their voting power for proposals.

Vulnerability Details

The proposalPowerSnapshots mapping is intended to store the block number at which a proposal's voting power snapshot is taken. This snapshot is used to determine the voting power of users at the time of the proposal's creation. However, the mapping is never updated in the contract, meaning all entries remain uninitialized (i.e., 0).

In the getVotingPowerForProposal function, the following check is performed:

uint256 snapshotBlock = proposalPowerSnapshots[proposalId];

if (snapshotBlock == 0) revert InvalidProposal();

Since proposalPowerSnapshots[proposalId] is always 0, the function will always revert, making it impossible to retrieve voting power for any proposal.

The proposalPowerSnapshots mapping is never initialized or updated.
The getVotingPowerForProposal function relies on this mapping to retrieve the snapshot block for a proposal.
Since the mapping is never set, the function always reverts, breaking the governance functionality.

Impact

Users cannot retrieve their voting power for proposals, which may prevent them from participating in governance decisions.
The getVotingPowerForProposal function is rendered unusable.

Tools Used

Manual Review

Recommendations

To address this issue, the following steps should be taken:

Initialize proposalPowerSnapshots: Add a function to set the snapshot block for a proposal when it is created.
Update Governance Logic: Ensure that the governance module calls this function to initialize the snapshot block for each new proposal.

/**

* @notice Sets the snapshot block for a proposal

* @dev Can only be called by the governance module

* @param proposalId The ID of the proposal

function setProposalSnapshot(uint256 proposalId) external onlyGovernance {

require(proposalPowerSnapshots[proposalId] == 0, "Snapshot already set");

proposalPowerSnapshots[proposalId] = block.number;

emit ProposalSnapshotSet(proposalId, block.number);

}

When a new proposal is created, the governance module should call setProposalSnapshot to initialize the snapshot block:

// In the governance contract

function createProposal() external {

uint256 proposalId = nextProposalId++;

veToken.setProposalSnapshot(proposalId);

// Other proposal creation logic...

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.