Party can be locked due to not being able to pass any proposals
uint96 votingPower = party.getVotingPowerAt(
    msg.sender,
    proposalValues.proposedTime - 1,
    snapIndex
);
uint96 newVotes = votes + votingPower;
// Check if the vote to veto is passing
PartyGovernance.GovernanceValues memory governanceValues = party.getGovernanceValues();
if (
    _areVotesPassing(
        newVotes,
        governanceValues.totalVotingPower,
        governanceValues.passThresholdBps
    )
) {
    // If so, veto the proposal and clear the vote count
    party.veto(proposalId);
    delete vetoVotes[party][proposalId];
} else {
    // If not, update the vote count
    vetoVotes[party][proposalId] = newVotes;
}
When a user casts a vote to veto a proposal, the contract never records that the user has voted, so the same user can vote repeatedly and veto any proposal they wish. Any party that uses this contract as its host can therefore be locked by a single malicious user, who is able to veto every single proposal.
Manual Review
Add a mapping to track which users have voted
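One way to apply this recommendation, as an added sketch that is not the project's own code or its actual fix. `IPartyLike`, its `proposedTimeOf`, `totalVotingPower` and `passThresholdBps` helpers, the `hasVoted` mapping, `AlreadyVotedError` and the body of `_areVotesPassing` are assumptions made so the example compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal view of the party contract: only what this sketch needs.
// Signatures are simplified assumptions, not the project's real interface.
interface IPartyLike {
    function getVotingPowerAt(address voter, uint40 timestamp, uint256 snapIndex) external view returns (uint96);
    function proposedTimeOf(uint256 proposalId) external view returns (uint40); // assumed helper
    function totalVotingPower() external view returns (uint96);                 // assumed helper
    function passThresholdBps() external view returns (uint16);                 // assumed helper
    function veto(uint256 proposalId) external;
}

contract VetoVotingSketch {
    error AlreadyVotedError(address voter);

    // Running veto total per party and proposal, as in the snippet above.
    mapping(IPartyLike => mapping(uint256 => uint96)) public vetoVotes;
    // Added: party => proposal => voter => has already cast a veto vote.
    mapping(IPartyLike => mapping(uint256 => mapping(address => bool))) public hasVoted;

    function voteToVeto(IPartyLike party, uint256 proposalId, uint256 snapIndex) external {
        // Reject a second vote before any voting power is counted.
        if (hasVoted[party][proposalId][msg.sender]) revert AlreadyVotedError(msg.sender);
        hasVoted[party][proposalId][msg.sender] = true;

        uint96 votingPower = party.getVotingPowerAt(msg.sender, party.proposedTimeOf(proposalId) - 1, snapIndex);
        uint96 newVotes = vetoVotes[party][proposalId] + votingPower;

        if (_areVotesPassing(newVotes, party.totalVotingPower(), party.passThresholdBps())) {
            // Threshold reached: clear the tally, then veto the proposal.
            delete vetoVotes[party][proposalId];
            party.veto(proposalId);
        } else {
            // Threshold not reached: store the updated tally.
            vetoVotes[party][proposalId] = newVotes;
        }
    }

    // Assumed threshold rule: votes / total >= bps / 10000, compared without division.
    function _areVotesPassing(uint96 votes, uint96 total, uint16 bps) internal pure returns (bool) {
        return uint256(votes) * 1e4 >= uint256(total) * bps;
    }
}
```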