You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
GovernorBravoDelegate - Lack of Input Validation for Administrative Functions
Summary
Several administrative functions in the contract lack adequate input validation or checks, potentially allowing for configuration of governance parameters to invalid or unsafe values.
Vulnerability Detail
The contract includes several administrative functions (e.g., _setVotingDelay, _setVotingPeriod, _setProposalThreshold) that are used to configure critical governance parameters. However, not all these functions have comprehensive checks to validate the input parameters, potentially allowing for the governance parameters to be set to values that could disrupt the governance process.
Impact
Improper validation of input parameters for administrative functions can lead to the configuration of governance parameters that are either too lenient or too strict, potentially making the governance process vulnerable to manipulation or rendering it inoperable.
Implement comprehensive input validation for all administrative functions that modify governance parameters. Ensure that all input parameters are within safe and sensible ranges, and consider adding additional logic to prevent parameters from being set to values that could compromise the integrity or operability of the governance process.
sherlock-admin2
changed the title
Helpful Denim Salmon - GovernorBravoDelegate - Lack of Input Validation for Administrative Functions
Anubis - GovernorBravoDelegate - Lack of Input Validation for Administrative Functions
Jan 30, 2024
Anubis
medium
GovernorBravoDelegate - Lack of Input Validation for Administrative Functions
Summary
Several administrative functions in the contract lack adequate input validation or checks, potentially allowing for configuration of governance parameters to invalid or unsafe values.
Vulnerability Detail
The contract includes several administrative functions (e.g., _setVotingDelay, _setVotingPeriod, _setProposalThreshold) that are used to configure critical governance parameters. However, not all these functions have comprehensive checks to validate the input parameters, potentially allowing for the governance parameters to be set to values that could disrupt the governance process.
Impact
Improper validation of input parameters for administrative functions can lead to the configuration of governance parameters that are either too lenient or too strict, potentially making the governance process vulnerable to manipulation or rendering it inoperable.
Code Snippet
https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/GovernorBravoDelegate.sol#L470-L479
https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/GovernorBravoDelegate.sol#L485-L494
Tool used
Manual Review
Recommendation
Implement comprehensive input validation for all administrative functions that modify governance parameters. Ensure that all input parameters are within safe and sensible ranges, and consider adding additional logic to prevent parameters from being set to values that could compromise the integrity or operability of the governance process.
Duplicate of #21
The text was updated successfully, but these errors were encountered: