[Lines of code](https://github.com/code-423n4/2022-08-nounsdao/blob/main/contracts/governance/NounsDAOLogicV1.sol#L530) # Vulnerability details ## Impact In both the **NounsDAOLogicV1** and **NounsDAOLogicV2** contracts, only admin is able to change the voting parameters which includes : * VotingDelay * VotingPeriod * ProposalThresholdBPS * MinQuorumVotesBPS * MaxQuorumVotesBPS * QuorumCoefficient This will make the DAO centralized and dependent on the admin which is not recommended as those parameters play crucial role in the DAO voting process, and thus the DAO voters should be able to modify these parameters through proposals & voting . ## Proof of Concept All the setter functions for the parameters mentioned above include an **only admin** check statement, which means that only the admin is able to change these parameters. If we suppose that a given user proposes a change in one of this parameters (for example the VotingPeriod) and the DAO members vote and accept the proposal (meaning that the proposal succeded), When the contract try to execute the proposal it will revert as only the admin has the power to set a new parameter. All the functions below contain this issue : File: contracts/governance/NounsDAOLogicV1.sol [function _setVotingDelay(uint256 newVotingDelay) external]() [function _setVotingPeriod(uint256 newVotingPeriod) external]() [function _setProposalThresholdBPS(uint256 newProposalThresholdBPS) external]() [function _setQuorumVotesBPS(uint256 newQuorumVotesBPS) external]() File: contracts/governance/NounsDAOLogicV2.sol [function _setVotingDelay(uint256 newVotingDelay) external]() [function _setVotingPeriod(uint256 newVotingPeriod) external]() [function _setProposalThresholdBPS(uint256 newProposalThresholdBPS) external]() [function _setMinQuorumVotesBPS(uint16 newMinQuorumVotesBPS) external]() [function _setMaxQuorumVotesBPS(uint16 newMaxQuorumVotesBPS) external ]() [function _setQuorumCoefficient(uint32 newQuorumCoefficient) external]() [function _setDynamicQuorumParams(uint16 newMinQuorumVotesBPS, uint16 newMaxQuorumVotesBPS, uint32 newQuorumCoefficient) public]() ## Tools Used Manual audit ## Recommended Mitigation Steps Change the **only admin** check inside the functions that change the voting parameters : **_setVotingDelay**, **_setVotingPeriod**, **_setProposalThresholdBPS**, **_setMinQuorumVotesBPS**, **_setMaxQuorumVotesBPS**, **_setQuorumCoefficient** , **_setDynamicQuorumParams**. This is done by adding a check for the address of the DAO contract **address(this)**, in order to allow the governance contract to execute the proposals on this functions. For example for the **_setVotingDelay** functions instead of checking only if **msg.sender** is **admin** : require(msg.sender == admin, 'NounsDAO::_setVotingDelay: admin only'); The function should check if the **msg.sender** is **admin or address(this)** : require(msg.sender == admin || msg.sender == address(this), 'NounsDAO::_setVotingDelay: admin or DAO only'); This will allow the governance contract to execute proposals that change the voting parameters. These change must be done for all the functions mentioned above. --- The text was updated successfully, but these errors were encountered: All reactions

Query Builder