3 matches found
Time delay for operations scheduled by the community multisig (CM) in timelock pose a risk to the protocol and it users
Lines of code Vulnerability details Impact Time sensitive operations done by the CM, like taking actions in case of an security exploit, are subject to the minDelay of the Timelock contract. Such operations are time sensitive and executing them several minutes later can result in significant loss...
Decisionmaking in the DAO is to slow which results in the DAO not been able to use the CANCELLER_ROLE properly
Lines of code Vulnerability details Impact The time that takes the DAO to vote on a proposal is to long for the DAO to be a proper address to cancel scheduled operations. That is why no scheduled operation will ever be cancelled and potentially malicious operations from security exploits will be...
CM can delegatecall to any address and bypass all restrictions
Lines of code Vulnerability details Impact The GuardCM contract is designed to restrict the Community Multisig CM actions within the protocol to only specific contracts and methods. This is achieved by implementing a checkTransaction method, which is invoked by the CM GnosisSafe before every...