Only the state() of the latest proposal can be checked #254
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/Plex-Engineer/lending-market/blob/755424c1f9ab3f9f0408443e6606f94e4f08a990/contracts/Governance/GovernorBravoDelegate.sol#L115
Vulnerability details
Impact
The state() function cannot view the state from any proposal except for the latest one.
Proof of Concept
Currently proposalCount needs to be bigger or equal to proposalId.
Assuming proposalId is incremented linearly in conjunction with proposalCount, this implies only the most recent proposalId will pass the require() check above. All other proposals will not be able to have their states checked via this function.
Tools Used
Manual Review.
Recommended Mitigation Steps
Change above function to proposalCount <= proposalId (assuming proposalId is set linearly, which currently is not enforced by code).