Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Defeated Proposal Can Be Retried

Summary

In the Governance.sol contract, a proposal that is in a defeated state because it did not meet the quorum can be retried later. If the quorum requirement drops, the same proposal can be executed, which undermines the integrity of the governance process.

Vulnerability Details

The vulnerability arises from the fact that a proposal that has been defeated due to not meeting the quorum can be retried later. If the quorum requirement is lowered in the future, the same proposal can be executed even though it was previously defeated. This allows for potential manipulation of the governance process, where proposers can wait for a more favorable quorum requirement to pass their proposals.

Example Scenario

Consider the following scenario:

  1. A proposal is created with a quorum requirement of 4% and a total voting power of 1,000,000, resulting in a required quorum of 40,000 votes.

  2. The proposal fails to meet the quorum and is marked as defeated.

  3. Later, the quorum requirement is lowered to 2%, resulting in a new required quorum of 20,000 votes.

  4. The same proposal is retried and meets the new quorum requirement, allowing it to be executed.

This scenario demonstrates how a proposal that was previously defeated can be retried and executed by manipulating the quorum requirement.

Impact

By allowing defeated proposals to be retried, the protocol introduces a potential attack vector where proposers can manipulate the quorum requirement to pass their proposals. This undermines the integrity and fairness of the governance process, as proposals that were previously defeated can be executed under more favorable conditions. It can lead to governance decisions that do not reflect the true consensus of the community and erode trust in the protocol's governance mechanisms.

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, implement a mechanism to ensure that once a proposal is in a defeated state, it cannot be retried.
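The scenario above, worked through with its own numbers as an added example (an off-chain JavaScript model written for this write-up, not code from Governance.sol). It assumes the proposal outcome is derived from the quorum in force when the state is queried, and shows one possible mitigation: recording the required quorum when the proposal is created. The class, method names and the 25,000-vote turnout are constructed for illustration.

```javascript
// Off-chain model only; class and method names are hypothetical, not from Governance.sol.
function evaluate(p, requiredQuorum) {
  const cast = p.forVotes + p.againstVotes;
  return cast >= requiredQuorum && p.forVotes > p.againstVotes ? "Succeeded" : "Defeated";
}

class GovernorModel {
  constructor(totalVotingPower, quorumPercent) {
    this.totalVotingPower = totalVotingPower;
    this.quorumPercent = quorumPercent; // governance parameter that can change later
    this.proposals = new Map();
  }
  requiredQuorum() {
    return (this.totalVotingPower * this.quorumPercent) / 100;
  }
  propose(id) {
    // Freeze the quorum in force at creation so later parameter changes cannot apply.
    this.proposals.set(id, { forVotes: 0, againstVotes: 0, quorumAtCreation: this.requiredQuorum() });
  }
  vote(id, forVotes, againstVotes) {
    const p = this.proposals.get(id);
    p.forVotes += forVotes;
    p.againstVotes += againstVotes;
  }
  // Pattern from the finding: outcome is recomputed against the current quorum.
  stateLive(id) {
    return evaluate(this.proposals.get(id), this.requiredQuorum());
  }
  // Hardened pattern: outcome is fixed by the quorum recorded at creation.
  stateSnapshot(id) {
    const p = this.proposals.get(id);
    return evaluate(p, p.quorumAtCreation);
  }
}

function runScenario() {
  const gov = new GovernorModel(1_000_000, 4); // step 1: 4% of 1,000,000 = 40,000
  gov.propose(1);
  gov.vote(1, 24_000, 1_000); // constructed turnout: 25,000 votes, voting period over
  const before = { required: gov.requiredQuorum(), live: gov.stateLive(1), snapshot: gov.stateSnapshot(1) };
  gov.quorumPercent = 2; // step 3: quorum lowered to 2% = 20,000
  const after = { required: gov.requiredQuorum(), live: gov.stateLive(1), snapshot: gov.stateSnapshot(1) };
  return { before, after };
}

console.log(runScenario());
```

With the live check the proposal flips from Defeated to Succeeded once the quorum is lowered; with the snapshot it stays Defeated.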

Updates

Lead Judging Commences

inallhonesty Lead Judge 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Governance allows execution of previously-defeated proposals if quorum requirements are later lowered, enabling unexpected resurrection of old proposals
