Core Contracts

Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Submission Details
Severity: low
Valid

Imprecise Voting Window End Condition

Summary

The castVote function's end-time validation uses a > operator instead of >=, allowing votes to be cast exactly at the proposal's end time.

Vulnerability Details

Current implementation:

if (block.timestamp > proposal.endTime) {
revert VotingEnded(proposalId, proposal.endTime, block.timestamp);
}

This allows voting when block.timestamp equals proposal.endTime, potentially violating intended voting window constraints.

Impact

  • Possibility of votes being cast at the exact deadline

  • Potential inconsistency with expected governance timing rules

Tools Used

  • Manual code review

Recommendations

  • Update the time check to use >=:

if (block.timestamp >= proposal.endTime) {
revert VotingEnded(proposalId, proposal.endTime, block.timestamp);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Governance::state and Governance::castVote use inconsistent time boundary checks, allowing votes at exactly proposal.endTime when state shows inactive

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.