code423n4 / Code4rena / CODE423N4:2021-11-VADER-FINDINGS-ISSUES-167
Nov 15, 2021 - 12:00 a.m.

Governor's veto protection can be exploited

github.com

Handle

cmichel

Vulnerability details

The GovernorAlpha’s council cannot veto proposals that perform a call to the contract itself.
This can be exploited by malicious proposal creators by appending a new call at the end of their proposal that simply calls an innocent function like GovernorAlpha.votingDelay().

Impact

The veto procedure can easily be circumvented, making the council unable to veto.

Recommended Mitigation Steps

The veto check must be further restricted by specifying the actual function selector that is not allowed to be vetoed, like changeCouncil.
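
The difference between a target-only veto check and the selector-restricted check recommended above, as an added Python model (not the Vader contract code). The addresses and 4-byte selectors are constructed placeholders; on-chain, a selector is the first four bytes of the keccak256 hash of the function signature.

```python
from dataclasses import dataclass

GOVERNOR = "0x00000000000000000000000000000000000000a1"  # constructed placeholder
TREASURY = "0x00000000000000000000000000000000000000b2"  # constructed placeholder
# Constructed placeholder selectors, not the real keccak256-derived values.
SEL_CHANGE_COUNCIL = bytes.fromhex("c0c0c0c0")
SEL_VOTING_DELAY = bytes.fromhex("d1d1d1d1")
SEL_TRANSFER = bytes.fromhex("e2e2e2e2")


@dataclass(frozen=True)
class Action:
    target: str      # contract the proposal calls
    calldata: bytes  # selector followed by ABI-encoded arguments


def veto_allowed_target_only(actions, governor=GOVERNOR):
    """Check as the finding describes it: any call to the governor blocks the veto."""
    return all(a.target.lower() != governor.lower() for a in actions)


def veto_allowed_by_selector(actions, governor=GOVERNOR,
                             protected=frozenset({SEL_CHANGE_COUNCIL})):
    """Recommended form: only protected governor functions block the veto."""
    for a in actions:
        # Calldata shorter than 4 bytes has no selector and never matches.
        if a.target.lower() == governor.lower() and a.calldata[:4] in protected:
            return False
    return True


def sample_proposals():
    """Constructed proposals: ordinary, padded with a harmless self-call, council change."""
    spend = Action(TREASURY, SEL_TRANSFER + bytes(64))
    return {
        "ordinary": [spend],
        "padded": [spend, Action(GOVERNOR, SEL_VOTING_DELAY)],
        "council_change": [Action(GOVERNOR, SEL_CHANGE_COUNCIL + bytes(32))],
    }


if __name__ == "__main__":
    for name, actions in sample_proposals().items():
        print(name, veto_allowed_target_only(actions), veto_allowed_by_selector(actions))
```

With the selector-restricted check, the council keeps its veto over the padded proposal, while a proposal that actually calls changeCouncil remains protected from veto.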

