code423n4 / Code4rena: CODE423N4:2023-04-PARTY-FINDINGS-ISSUES-16
Apr 13, 2023

Voters can call VetoProposal.voteToVeto() as many times as they like.


Lines of code

Vulnerability details

Impact

A single voter can veto a proposal on their own by calling voteToVeto() repeatedly: every call adds the caller's voting power to the veto tally again, so one account can push the tally past passThresholdBps without any other voter agreeing.

Proof of Concept

A voter should be able to vote once per proposal; otherwise the veto mechanism is broken, because the threshold no longer measures how much of the party's voting power wants the veto.

However, voteToVeto() does not record which addresses have already voted, so the same account can call it any number of times, and each call adds that account's voting power to vetoVotes once more.

The following PoC shows the case: after the first call from voter1 the tally equals voter1's voting power and the proposal is still in Voting, and a second call from the same address is enough to push the tally past the threshold and defeat the proposal.

    function test_CanVoteManyTimes() public {
        // Proposal starts out in the Voting state
        _assertProposalStatus(PartyGovernance.ProposalStatus.Voting);

        // First veto vote from voter1 (snapIndex 0)
        vm.prank(voter1);
        vetoProposal.voteToVeto(party, proposalId, 0);

        // Still Voting; the tally equals voter1's voting power (1e18)
        _assertProposalStatus(PartyGovernance.ProposalStatus.Voting);
        assertEq(vetoProposal.vetoVotes(party, proposalId), 1e18);

        // The same voter can vote again and again: nothing records that
        // voter1 already voted, so their power is added a second time
        vm.prank(voter1);
        vetoProposal.voteToVeto(party, proposalId, 0);

        // One voter has now crossed the threshold on their own
        _assertProposalStatus(PartyGovernance.ProposalStatus.Defeated);
    }

Tools Used

Manual Review

Recommended Mitigation Steps

Add a mapping such as hasVoted[party][proposalId][voter] to the VetoProposal contract (next to vetoVotes, where the tally is kept), set it on the caller's first call and revert on any later call from the same address, so that each voter's power is counted at most once per proposal.
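The following is an added example, not code from the Party Protocol repository: a cut-down voteToVeto() with the per-voter check in place, plus a mock party and a small demo contract that shows the second call from the same host reverting instead of being counted. IPartyLike, proposalInfo(), votingPowerAt(), MockParty and VetoReplayDemo are assumed simplifications of the real Party interface and test setup; the real contract reads the threshold and total voting power from the proposal's stored state values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumed, minimal stand-in for the Party governance surface the veto
// contract needs. The real Party interface is larger.
interface IPartyLike {
    enum ProposalStatus { Invalid, Voting, Defeated, Passed, Ready, InProgress, Complete, Cancelled }

    function isHost(address who) external view returns (bool);
    // status, total voting power, and pass threshold in basis points
    function proposalInfo(uint256 proposalId) external view returns (ProposalStatus, uint96, uint16);
    function votingPowerAt(address voter, uint256 proposalId) external view returns (uint96);
    function veto(uint256 proposalId) external;
}

contract VetoProposalHardened {
    error NotPartyHost();
    error ProposalNotActive(uint256 proposalId);
    error AlreadyVoted(address voter, uint256 proposalId);

    // party => proposalId => accumulated veto votes (as in the original contract)
    mapping(IPartyLike => mapping(uint256 => uint96)) public vetoVotes;
    // party => proposalId => voter => already counted (the check the finding asks for)
    mapping(IPartyLike => mapping(uint256 => mapping(address => bool))) public hasVoted;

    function voteToVeto(IPartyLike party, uint256 proposalId) external {
        if (!party.isHost(msg.sender)) revert NotPartyHost();

        (IPartyLike.ProposalStatus status, uint96 totalVotingPower, uint16 passThresholdBps) =
            party.proposalInfo(proposalId);
        if (status != IPartyLike.ProposalStatus.Voting) revert ProposalNotActive(proposalId);

        // Fix: each (party, proposal, voter) triple is counted at most once.
        // Without these two lines the function behaves like the vulnerable one.
        if (hasVoted[party][proposalId][msg.sender]) revert AlreadyVoted(msg.sender, proposalId);
        hasVoted[party][proposalId][msg.sender] = true;

        uint96 votingPower = party.votingPowerAt(msg.sender, proposalId);
        uint96 newVotes = vetoVotes[party][proposalId] + votingPower;
        uint96 threshold = uint96((uint256(totalVotingPower) * passThresholdBps) / 1e4);

        if (newVotes >= threshold) {
            party.veto(proposalId);
        } else {
            vetoVotes[party][proposalId] = newVotes;
        }
    }
}

// Mock used only for this example: one host holding 1e18 of 3e18 total
// voting power, with a 51% veto threshold (1.53e18).
contract MockParty is IPartyLike {
    address public host;
    uint96 public constant TOTAL = 3e18;
    bool public vetoed;

    constructor(address host_) { host = host_; }

    function isHost(address who) external view override returns (bool) { return who == host; }

    function proposalInfo(uint256) external view override returns (ProposalStatus, uint96, uint16) {
        return (vetoed ? ProposalStatus.Defeated : ProposalStatus.Voting, TOTAL, 5100);
    }

    function votingPowerAt(address who, uint256) external view override returns (uint96) {
        return who == host ? 1e18 : 0;
    }

    function veto(uint256) external override { vetoed = true; }
}

// Replays the PoC against the hardened contract: the first call is counted,
// the second call from the same address reverts, and the proposal survives.
contract VetoReplayDemo {
    function run() external returns (bool firstCounted, bool secondReverted, bool proposalVetoed) {
        VetoProposalHardened vp = new VetoProposalHardened();
        MockParty party = new MockParty(address(this));

        vp.voteToVeto(party, 1);              // 1e18 < 1.53e18: stored, not vetoed
        try vp.voteToVeto(party, 1) {         // same voter again: AlreadyVoted
        } catch {
            secondReverted = true;
        }

        firstCounted = vp.vetoVotes(party, 1) == 1e18;
        proposalVetoed = party.vetoed();      // stays false; one voter cannot veto alone
    }
}
```

Deploying VetoReplayDemo and calling run() returns (true, true, false). Dropping the two hasVoted lines reproduces the finding: the second call raises the tally to 2e18, which clears the 1.53e18 threshold, and veto() is called by a single host.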
