Proposals overwrite #201
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Lines of code
https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Governance.sol#L167
https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Governance.sol#L66
Vulnerability details
Impact
It is possible to overwrite proposals in certain circumstances. The method Governance.submitProposal doesn't check if the proposalId (stored in a different contract) exists already as a valid proposal in getProposalMetadata.
Proof of Concept
If the project updates the kernel module "INSTR" and reconfigures proposals and calls INSTR.store(instructions_), the counter may return a proposalId of an existing proposal and overwrite an existing previous one.
This is due to the fact that the proposals are saved in a mapping of a contract that is not related to the one that returns the counters, and furthermore, they do not check that the record already exists.
Recommended Mitigation Steps
INSTR contract or ensure that the proposal doesn't exist.
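The collision described in this report, reduced to a minimal model with the unchecked write beside a checked one. This is an added example, not code from the Olympus repository or from the report: the contracts InstructionStore and GovernanceModel, the reconfigure function, the struct fields and both submit functions are hypothetical, and only INSTR, store, instructions_, proposalId and getProposalMetadata are names taken from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Hypothetical stand-in for the INSTR module: it owns only the id counter.
contract InstructionStore {
    uint256 public totalInstructions;

    function store(bytes calldata) external returns (uint256) {
        return ++totalInstructions; // a freshly deployed module starts again at 1
    }
}

// Hypothetical stand-in for the governance policy: it owns the metadata mapping.
contract GovernanceModel {
    struct ProposalMetadata {
        bytes32 title;
        address submitter;
    }

    error ProposalAlreadyExists(uint256 proposalId);

    InstructionStore public INSTR;
    mapping(uint256 => ProposalMetadata) public getProposalMetadata;

    constructor(InstructionStore instr_) {
        INSTR = instr_;
    }

    // Models a module upgrade (access control omitted in this model):
    // ids restart in the new module, the mapping above keeps its old entries.
    function reconfigure(InstructionStore newInstr_) external {
        INSTR = newInstr_;
    }

    // Pattern from the report: the returned id is written without an existence check,
    // so after reconfigure() the first submission replaces the entry stored under id 1.
    function submitUnchecked(bytes calldata instructions_, bytes32 title_) external returns (uint256 proposalId) {
        proposalId = INSTR.store(instructions_);
        getProposalMetadata[proposalId] = ProposalMetadata(title_, msg.sender);
    }

    // Checked variant: revert instead of writing over a slot that already holds a proposal.
    function submitChecked(bytes calldata instructions_, bytes32 title_) external returns (uint256 proposalId) {
        proposalId = INSTR.store(instructions_);
        if (getProposalMetadata[proposalId].submitter != address(0)) revert ProposalAlreadyExists(proposalId);
        getProposalMetadata[proposalId] = ProposalMetadata(title_, msg.sender);
    }
}
```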