Anubis - GovernorBravoDelegate - Lack of Input Validation for Administrative Functions

[sherlock-admin2]

Anubis

medium

GovernorBravoDelegate - Lack of Input Validation for Administrative Functions

Summary

Several administrative functions in the contract lack adequate input validation or checks, potentially allowing for configuration of governance parameters to invalid or unsafe values.

Vulnerability Detail

The contract includes several administrative functions (e.g., _setVotingDelay, _setVotingPeriod, _setProposalThreshold) that are used to configure critical governance parameters. However, not all these functions have comprehensive checks to validate the input parameters, potentially allowing for the governance parameters to be set to values that could disrupt the governance process.

Impact

Improper validation of input parameters for administrative functions can lead to the configuration of governance parameters that are either too lenient or too strict, potentially making the governance process vulnerable to manipulation or rendering it inoperable.

Code Snippet

https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/GovernorBravoDelegate.sol#L470-L479

https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/GovernorBravoDelegate.sol#L485-L494

Tool used

Manual Review

Recommendation

Implement comprehensive input validation for all administrative functions that modify governance parameters. Ensure that all input parameters are within safe and sensible ranges, and consider adding additional logic to prevent parameters from being set to values that could compromise the integrity or operability of the governance process.

Duplicate of #21