Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Attacker can spam create identical proposals to confuse users on which proposal is the real one to vote on

Summary

The Governance::propose function has a vulnerability: an attacker can spam the system with multiple identical proposals, making it difficult for users to determine which one is the legitimate proposal they should vote on. This creates confusion and undermines the integrity of the voting process. Users are left guessing which proposal ID represents the real one. Why should they blindly trust one arbitrary number over another?

Details

The Governance::propose function does not enforce uniqueness constraints on proposal content (e.g., title, description, etc.). An attacker can repeatedly create proposals with the same content but different proposalIds, causing confusion among voters. This can lead to vote splitting or to malicious actions being camouflaged within similar-looking proposals.

Impact:

  • Vote Splitting: Users may distribute votes across duplicate proposals, diluting support for the legitimate proposal.

  • Malicious Actions: Attackers can hide malicious proposals among duplicates, tricking users into voting for harmful changes.

Proof of Concept:

An attacker can front-run, sandwich, or back-run legitimate proposals by creating multiple identical-looking ones that differ only slightly in proposalId. Users will struggle to identify the real proposal.

Consider the following scenario:

  1. A legitimate proposal (ID=5) is created with title "Fund Project X".

  2. An attacker front-runs/sandwiches/back-runs with identical-looking proposals (IDs=4,6,7).

  3. Users see multiple identical proposals and don't know which to trust.

Why the Code is Vulnerable

No Content Uniqueness Check:

  • The code does not check if an identical proposal already exists (e.g., by storing a hash of proposal content).

  • Attackers can repeatedly call propose with the same values, description, etc., generating a new proposalId each time.

Recommendation

  • You can hash the content and track it.

  • Enforce uniqueness of proposal content.

  • Or you can go with requiring a non-refundable deposit (or lock tokens) when creating a proposal, making spam costly.
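
A sketch of the "hash the content and track it" option, added here as an illustration; it is not the audited Governance contract. The contract name, the propose() parameter list and the release hook are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration, not the audited Governance contract.
/// The propose() parameters below are assumed, not taken from the project.
contract UniqueProposalGuard {
    error EmptyProposal();
    error LengthMismatch();
    error DuplicateProposal(uint256 existingId);

    event ProposalCreated(uint256 indexed id, bytes32 indexed contentHash, address proposer);

    uint256 public proposalCount;
    mapping(bytes32 => uint256) public liveIdByContent; // 0 means no live proposal
    mapping(uint256 => bytes32) public contentHashOf;

    /// abi.encode (not encodePacked) keeps dynamic arrays from colliding.
    function hashContent(
        address[] memory targets,
        uint256[] memory values,
        bytes[] memory calldatas,
        string memory description
    ) public pure returns (bytes32) {
        return keccak256(abi.encode(targets, values, calldatas, keccak256(bytes(description))));
    }

    function propose(
        address[] memory targets,
        uint256[] memory values,
        bytes[] memory calldatas,
        string memory description
    ) external returns (uint256 id) {
        if (targets.length == 0) revert EmptyProposal();
        if (targets.length != values.length || targets.length != calldatas.length) revert LengthMismatch();
        bytes32 h = hashContent(targets, values, calldatas, description);
        uint256 existing = liveIdByContent[h];
        if (existing != 0) revert DuplicateProposal(existing); // points voters at the original
        id = ++proposalCount; // ids start at 1, so 0 stays the "none" sentinel
        liveIdByContent[h] = id;
        contentHashOf[id] = h;
        emit ProposalCreated(id, h, msg.sender);
    }

    /// Call when a proposal is executed, cancelled or defeated so the same
    /// content can be proposed again later.
    function _releaseContent(uint256 id) internal {
        delete liveIdByContent[contentHashOf[id]];
    }
}
```

The check rejects only byte-identical content, so it complements the deposit or token-lock option rather than replacing it.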

Conclusion:

This vulnerability undermines the integrity of the voting process. Implementing uniqueness checks and additional safeguards is critical to prevent abuse.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Governance generates non-unique timelock operation IDs for different proposals with identical parameters, allowing timelock bypass and proposal DoS attacks
