Submission Details
Severity:
No check for active proposal when casting a vote
Summary
lack of an active proposal check in castVote function permits votes to be cansted on non active proposals
Vulnerability Details
n the Governance.sol contract, the function castVote is responsible for allowing veRAAC token holders to vote on proposals. However , there is no check to enusre that votes are casted on active proposal
function castVote(uint256 proposalId, bool support) external override returns (uint256) {
ProposalCore storage proposal = _proposals[proposalId];
if (proposal.startTime == 0) revert ProposalDoesNotExist(proposalId);
if (block.timestamp < proposal.startTime) {
revert VotingNotStarted(proposalId, proposal.startTime, block.timestamp);
}
if (block.timestamp > proposal.endTime) {
revert VotingEnded(proposalId, proposal.endTime, block.timestamp);
}
ProposalVote storage proposalVote = _proposalVotes[proposalId];
if (proposalVote.hasVoted[msg.sender]) {
revert AlreadyVoted(proposalId, msg.sender, block.timestamp);
}
uint256 weight = _veToken.getVotingPower(msg.sender);
if (weight == 0) {
revert NoVotingPower(msg.sender, block.number);
}
proposalVote.hasVoted[msg.sender] = true;
if (support) {
proposalVote.forVotes += weight;
} else {
proposalVote.againstVotes += weight;
}
emit VoteCast(msg.sender, proposalId, support, weight, "");
return weight;
}
Impact
Votes may be cast on proposals that are no longer active
Tools Used
Manual Review
Recommendations
Add this extra line in the function
require(state(proposalId) == ProposalState.Active, "Governor: vote not currently active");
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
Governance::castVote lacks canceled/executed proposal check, allowing users to waste gas voting on proposals that can never be executed
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
Governance::castVote lacks canceled/executed proposal check, allowing users to waste gas voting on proposals that can never be executed
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.