Lines of code
<https://github.com/code-423n4/2023-12-autonolas/blob/main/governance/contracts/GovernorOLAS.sol#L14-L15>
In the “GovernorOLAS.sol” contract, as the comment line indicates, the OpenZeppelin functions are used as is. However, the inherited OpenZeppelin 4.8.3 library exposes a signature replay vulnerability because the castVoteWithReasonAndParamsBySig() function in “Governor.sol” does not use a nonce.
Due to the lack of a nonce, castVoteWithReasonAndParamsBySig() can be called multiple times with the same signature.
Therefore, if a user provides a signature to use a portion of his votes, an attacker can repeatedly call castVoteWithReasonAndParamsBySig() with the same signature to use up more votes than the user originally intended.
You can also check out this report for the same finding: code-423n4/2023-08-arbitrum-findings#252
Manual Review
Consider adding signature replay protection to the castVoteWithReasonAndParamsBySig() function using a nonce. You can also use the latest version of OpenZeppelin, which already has the nonce feature added.
Library
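The replay described above and the nonce mitigation, as a small Python model added here for illustration (it is not code from GovernorOLAS or OpenZeppelin). Assumptions: HMAC-SHA256 stands in for the voter's ECDSA/EIP-712 signature, `params` carries the partial vote weight, and the `Governor` class, `digest`, `sign` and `replay` names are hypothetical.

```python
import hashlib
import hmac

def digest(proposal_id, support, reason, params, nonce=None):
    """Ballot digest over the extended-ballot fields; nonce=None models the nonce-less form."""
    fields = [proposal_id, support, reason, params.hex()]
    if nonce is not None:
        fields.append(nonce)  # hardened form: the nonce is part of what gets signed
    return hashlib.sha256(repr(fields).encode()).digest()

def sign(key, d):
    # Assumption of this model: HMAC replaces the voter's ECDSA signature.
    return hmac.new(key, d, hashlib.sha256).digest()

class Governor:
    """Single-voter model with partial voting (hypothetical, for illustration)."""
    def __init__(self, voter_key, weight, use_nonce):
        self.key, self.remaining, self.use_nonce = voter_key, weight, use_nonce
        self.nonce = 0   # next expected nonce for the voter
        self.cast = 0    # total weight already counted

    def cast_vote_by_sig(self, proposal_id, support, reason, params, sig):
        nonce = self.nonce if self.use_nonce else None
        expected = sign(self.key, digest(proposal_id, support, reason, params, nonce))
        if not hmac.compare_digest(sig, expected):
            raise ValueError("invalid signature")
        amount = int.from_bytes(params, "big")  # partial weight requested by the voter
        if amount > self.remaining:
            raise ValueError("insufficient votes")
        self.remaining -= amount
        self.cast += amount
        if self.use_nonce:
            self.nonce += 1  # a used signature no longer matches the expected digest
        return self.cast

def replay(use_nonce, attempts=3):
    """Submit one signed 30-vote ballot `attempts` times; return (accepted, weight cast)."""
    key = b"constructed-voter-key"  # constructed sample key
    gov = Governor(key, weight=100, use_nonce=use_nonce)
    params = (30).to_bytes(32, "big")
    sig = sign(key, digest(1, 1, "partial", params, 0 if use_nonce else None))
    accepted = 0
    for _ in range(attempts):
        try:
            gov.cast_vote_by_sig(1, 1, "partial", params, sig)
            accepted += 1
        except ValueError:
            pass
    return accepted, gov.cast

if __name__ == "__main__":
    print("no nonce:", replay(False), "with nonce:", replay(True))
```

Without the nonce, the single 30-vote signature is accepted until the voter's weight runs out; with the nonce in the signed digest, only the first submission counts.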