Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Automatic Cancellation Not Implemented in the Cancel Function in Governance Contract

Summary

The cancel function is designed (according to its documentation) to automatically cancel a proposal if the proposer’s voting power falls below the required threshold. However, the current implementation does not perform automatic cancellation. Instead, the function only reverts if the proposer’s voting power is insufficient when a non-proposer attempts to cancel, and it does not trigger the cancellation when the proposer’s voting power drops below the threshold.

Vulnerability Details

  • Affected Function:

    function cancel(uint256 proposalId) external override {
        ProposalCore storage proposal = _proposals[proposalId];
        if (proposal.startTime == 0) revert ProposalDoesNotExist(proposalId);
        ProposalState currentState = state(proposalId);
        if (currentState == ProposalState.Executed) {
            revert InvalidProposalState(proposalId, currentState, ProposalState.Active, "Cannot cancel executed proposal");
        }
        // Only proposer or if proposer's voting power dropped below threshold
        if (msg.sender != proposal.proposer &&
            _veToken.getVotingPower(proposal.proposer) >= proposalThreshold) {
            revert InsufficientProposerVotes(proposal.proposer,
                _veToken.getVotingPower(proposal.proposer), proposalThreshold, "Proposer lost required voting power");
        }
        proposal.canceled = true;
        emit ProposalCanceled(proposalId, msg.sender, "Proposal canceled by proposer");
    }

  • Issue:
    The comment indicates that the proposal should be automatically cancelled if the proposer’s voting power drops below the required threshold. However, the current code does not automatically cancel the proposal. Instead, it only prevents the cancellation by others if the proposer still meets the voting power requirement, and does not trigger cancellation if the proposer’s voting power decreases.

  • Expected Behavior:
    The proposal should be cancelled automatically when the proposer’s voting power falls below the required threshold, without requiring an external cancellation call. Alternatively, it should allow any user to cancel the proposal if the proposer’s voting power is insufficient, without relying on the proposer’s action.

Impact

  • Inconsistent Proposal State:
    Proposals may remain active even after the proposer’s voting power drops below the required threshold, potentially undermining the governance process and causing confusion regarding proposal status.

Tools Used

  • Manual Code Review

Recommendations

  1. Implement Automatic Cancellation:
    Update the cancel function (or create a separate mechanism) to automatically cancel proposals when the proposer’s voting power falls below the threshold, without requiring any external call to check voting power.
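
The caller check from the `cancel` function quoted above, isolated in a minimal harness so its outcomes can be exercised directly. This is an added example, not the project's code or part of the submission; `MockVeToken`, `CancelGuardHarness`, `canCancel`, `setVotingPower` and the threshold value are hypothetical and chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical stand-in for the veToken; only getVotingPower appears on the page.
contract MockVeToken {
    mapping(address => uint256) private _power;

    function setVotingPower(address account, uint256 amount) external {
        _power[account] = amount;
    }

    function getVotingPower(address account) external view returns (uint256) {
        return _power[account];
    }
}

// Hypothetical harness reproducing only the caller check from cancel().
contract CancelGuardHarness {
    MockVeToken public immutable veToken;
    address public immutable proposer;
    uint256 public constant proposalThreshold = 100_000e18; // constructed value
    bool public canceled;

    error InsufficientProposerVotes(address account, uint256 votes, uint256 threshold);

    constructor(MockVeToken token, address proposer_) {
        veToken = token;
        proposer = proposer_;
    }

    /// Logical negation of the page's revert condition
    /// `msg.sender != proposer && votingPower >= proposalThreshold`:
    ///   caller is the proposer                          -> passes
    ///   caller is not the proposer, power >= threshold  -> reverts
    ///   caller is not the proposer, power <  threshold  -> passes
    function canCancel(address caller) public view returns (bool) {
        bool proposerStillQualified = veToken.getVotingPower(proposer) >= proposalThreshold;
        return caller == proposer || !proposerStillQualified;
    }

    function cancel() external {
        if (!canCancel(msg.sender)) {
            revert InsufficientProposerVotes(proposer, veToken.getVotingPower(proposer), proposalThreshold);
        }
        canceled = true; // written only when some account sends this transaction
    }
}
```

Lowering the proposer's balance with `setVotingPower` changes what `canCancel` returns for other callers, but `canceled` stays `false` until an account actually calls `cancel()`.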

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
