3 matches found
Proposal functions are lacking access control for Governance.sol
Lines of code Vulnerability details Impact For the Governance.sol contract, the functions activateProposal and executeProposal can be called by anyone. Proof of Concept An malicious user could monitor the protocal DAO and activate or execute a proposal in a time not intended by the proposal...
The system can get to a "stuck" state if a bad proposal (proposal that can't be executed) is accepted
Handle CertoraInc Vulnerability details LimboDAO.sol updateCurrentProposal modifier and makeProposal function The LimboDAO contract has a variable that indicates the current proposal - every time there can be only one proposal. The only way a proposal can be done and a new proposal can be...
DAO proposals can be executed by anyone due to vulnerable TimelockController
Handle cmichel Vulnerability details Vulnerability Details The GovernorAlpha inherits from a vulnerable TimelockController. This TimelockController allows an EXECUTOR role to escalate privileges and also gain the proposer role. See details on OZ and the fix here. The bug is that executeBatch chec...