Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Proposal Can Get Stuck in Timelock Due to Lost Quorum

waydou

Summary

In the execute A proposal is executed in two steps, it should be in a succeded state to be queued and then queued to be executed, However A proposal that was that was successfully queued in the timelock can become defeated due to lost quorum, requiring it to be re-queued with a new timelock delay. This creates an inefficient loop where a proposal could continuously need to be re-queued if quorum fluctuates.

Vulnerability Details

The proposal execution flow:

function execute(uint256 proposalId) external override nonReentrant {

ProposalState currentState = state(proposalId);

if (currentState == ProposalState.Succeeded) {

_queueProposal(proposalId); // Starts timelock delay

} else if (currentState == ProposalState.Queued) {

_executeProposal(proposalId);

}

What can happen:

Proposal reaches Succeeded state and is queued
During timelock delay, quorum drops
State becomes Defeated due to lost quorum
When trying to execute after timelock, it reverts
If quorum is regained, state goes back to Succeeded
Must be queued again with new timelock delay
This cycle can repeat indefinitely

Impact

Tools Used

Medium. This creates potential indefinite delays in proposal execution

Recommendations

Consider modifying the state function to respect timelock queuing:

function state(uint256 proposalId) public view returns (ProposalState) {

// ...

bytes32 id = _timelock.hashOperationBatch(...);

// If queued in timelock, maintain Queued state regardless of current quorum

if (_timelock.isOperationPending(id)) {

return ProposalState.Queued;

}

// Only check quorum for non-queued proposals

if (currentQuorum < requiredQuorum || proposalVote.forVotes <= proposalVote.againstVotes) {

return ProposalState.Defeated;

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Governance::quorum uses current total voting power instead of proposal creation snapshot, allowing manipulation of threshold requirements to force proposals to pass or fail

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Governance::quorum uses current total voting power instead of proposal creation snapshot, allowing manipulation of threshold requirements to force proposals to pass or fail

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!