Lines of code
<https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/governance/package.json#L28>
<https://github.com/OpenZeppelin/openzeppelin-contracts/blob/0a25c1940ca220686588c4af3ec526f725fe2582/contracts/governance/Governor.sol#L263>
<https://github.com/OpenZeppelin/openzeppelin-contracts/blob/0a25c1940ca220686588c4af3ec526f725fe2582/contracts/governance/compatibility/GovernorCompatibilityBravo.sol#L107>
The GovernorOLAS contract inherits from OpenZeppelin’s GovernorCompatibilityBravo v4.8.3, which has a known vulnerability in the proposal creation process that can be exploited to halt proposals sent to the governor.
The root cause of this vulnerability is the exposure of the cancel() function. A malicious user can exploit it by frontrunning a call to propose() in the mempool: the attacker submits the exact same proposal and then calls cancel() on it, effectively blocking the original proposal.
This vulnerability can lead to a denial of service attack on the governance system, preventing legitimate proposals from being processed.
For more details, refer to OpenZeppelin’s security advisory and this vulnerability report.
Consider the following scenario:
Manual review
Upgrade @openzeppelin/contracts to version v4.9.1 or later, which introduces opt-in frontrunning protection.
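To show what the upgrade changes, here is an added Python model (not code from the autonolas repository or from OpenZeppelin) of the behaviour described above: identical targets, values, calldatas and description hash to the same proposal id, so a cancelled duplicate permanently occupies it, while the opt-in check introduced in v4.9.1 lets a proposer append `#proposer=0x<address>` to the description so that only that address can create the proposal. The addresses, call data and description are constructed samples, and sha256 stands in for keccak256.

```python
import hashlib

MARKER = "#proposer=0x"  # suffix marker checked by OpenZeppelin Governor >= v4.9.1
VICTIM, ATTACKER = "0x" + "11" * 20, "0x" + "22" * 20  # constructed sample addresses
CALL = (["0x" + "33" * 20], [0], [b"\x12\x34\x56\x78"])  # constructed targets/values/calldatas

def proposal_id(targets, values, calldatas, description):
    # Model of Governor.hashProposal (sha256 stands in for keccak256, ABI encoding simplified).
    h = hashlib.sha256(repr((targets, values, calldatas)).encode())
    h.update(hashlib.sha256(description.encode()).digest())
    return h.hexdigest()

def is_valid_description_for_proposer(proposer, description):
    # Model of the opt-in v4.9.1 check: a trailing "#proposer=0x<40 hex>" suffix restricts proposing to that address.
    if len(description) < 52 or description[-52:-40] != MARKER:
        return True
    suffix = description[-40:]
    if not set(suffix) <= set("0123456789abcdefABCDEF"):
        return True  # a malformed suffix is ignored, as in OpenZeppelin's check
    return int(suffix, 16) == int(proposer, 16)

def propose(gov, sender, description):
    # gov = {"protect": bool, "proposals": {id: {"proposer": addr, "canceled": bool}}}
    if gov["protect"] and not is_valid_description_for_proposer(sender, description):
        raise PermissionError("Governor: proposer restricted")
    pid = proposal_id(*CALL, description)
    if pid in gov["proposals"]:
        raise ValueError("Governor: proposal already exists")  # holds even once canceled
    gov["proposals"][pid] = {"proposer": sender, "canceled": False}

def cancel(gov, sender, description):
    # GovernorCompatibilityBravo.cancel: the proposer may cancel its own pending proposal.
    proposal = gov["proposals"][proposal_id(*CALL, description)]
    assert proposal["proposer"] == sender, "GovernorBravo: only the proposer may cancel"
    proposal["canceled"] = True

def frontrun_outcome(protect):
    # Replay the report's scenario: a copy of the pending proposal lands first and is cancelled.
    gov = {"protect": protect, "proposals": {}}
    description = "Upgrade treasury" + (MARKER + VICTIM[2:] if protect else "")
    try:
        propose(gov, ATTACKER, description)
        cancel(gov, ATTACKER, description)
    except PermissionError:
        pass  # the copy is rejected: the suffix binds the proposal to VICTIM
    try:
        propose(gov, VICTIM, description)
        return "original proposal created"
    except ValueError:
        return "original proposal blocked"
```

Note that the protection only applies to proposals whose description carries the suffix; proposal tooling has to append it for every submission that should be protected.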
Governance