Inverted cancellation logic in Governance.sol allows unauthorized cancellation of proposals, undermining governance security.
The cancel function in Governance.sol incorrectly allows proposal cancellation by anyone if the proposer's voting power is still above the proposal threshold. The intended logic was to allow cancellation only if the proposer's voting power drops below the threshold, or by the proposer themselves. The current condition:
This condition incorrectly reverts if the proposer's voting power is ABOVE the threshold, allowing cancellation by others when it should not be permitted.
Undermined governance and potential for manipulation. Malicious actors, or even unintentional users, can cancel legitimate proposals even if the proposer maintains sufficient voting power. This disrupts the intended governance process, allows censorship of proposals, and potentially enables malicious actors to prevent legitimate governance actions from being executed. This flaw directly compromises the integrity of the governance system.
Immediate Mitigation: Correct the cancellation condition in Governance.sol.cancel to check if the proposer's voting power is BELOW the proposal threshold:
Code Review: Thoroughly review the cancel function and related logic in Governance.sol to ensure the corrected condition aligns with the intended governance design.
Testing: Implement unit tests specifically to verify the corrected cancel function logic, ensuring that cancellation is only possible by the proposer or when the proposer's voting power falls below the threshold.
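A minimal sketch of the intended rule stated above (cancellation by the proposer, or by anyone once the proposer's voting power is below the threshold), added here as an example and not taken from Governance.sol. The contract name, the IVotes interface, the storage layout and the error and event names are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical voting-power source; the real token interface is not shown on the page.
interface IVotes {
    function getVotes(address account) external view returns (uint256);
}

// Illustrative model only, not the audited Governance.sol.
contract CancelRuleSketch {
    enum State { None, Active, Canceled }
    struct Proposal { address proposer; State state; }

    IVotes public immutable votes;
    uint256 public immutable proposalThreshold;
    uint256 public proposalCount;
    mapping(uint256 => Proposal) public proposals;

    error BelowProposalThreshold();
    error ProposalNotActive();
    error CancelNotAuthorized();
    event ProposalCanceled(uint256 indexed id, address indexed by);

    constructor(IVotes votes_, uint256 threshold_) {
        votes = votes_;
        proposalThreshold = threshold_;
    }

    function propose() external returns (uint256 id) {
        if (votes.getVotes(msg.sender) < proposalThreshold) revert BelowProposalThreshold();
        id = ++proposalCount;
        proposals[id] = Proposal(msg.sender, State.Active);
    }

    function cancel(uint256 id) external {
        Proposal storage p = proposals[id];
        // Unknown ids read as State.None, so they are rejected here too.
        if (p.state != State.Active) revert ProposalNotActive();

        bool callerIsProposer = msg.sender == p.proposer;
        bool proposerBelowThreshold = votes.getVotes(p.proposer) < proposalThreshold;
        // Third parties may cancel only once the proposer has fallen below the threshold.
        if (!callerIsProposer && !proposerBelowThreshold) revert CancelNotAuthorized();

        p.state = State.Canceled;
        emit ProposalCanceled(id, msg.sender);
    }
}
```

A unit test for this rule needs four cases: caller is the proposer or a third party, crossed with the proposer's voting power at or above versus below the threshold. Only the third-party call with the proposer at or above the threshold should revert.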