5 matches found
Voting period hardcoded to 3 blocks
Lines of code Vulnerability details Impact Here in the Governance contract, the voting period is locked to 3 blocks. function votingPeriod public pure override returns uint256 return 3; function votingDelay public pure override returns uint256 return 1; This is a direct bug because if we take a...
Upgraded Q -> M from 264 [1663928566317]
Judge has assessed an item in Issue 264 as Medium risk. The relevant finding follows: L-05 Single-step Vetoer transfer is unsafe If the newVetoer is set to the incorrect address, the functionality will be unretrievable. 1 instance of this issue has been found: L-05 NounsDAOLogicV2.solL839-L845...
USER CAN BLOCK GOVERNANCE VOTING BY SUBMITTING MULTIPLE PROPOSALS
Lines of code Vulnerability details Impact A user can submit multiple proposals and then endorse each one of them to be able to activate them, and because the Governance contract allow only one active proposal, this user will be able to always activate his proposals and thus not allowing any othe...
Eth sent to Timelock will be locked in current implementation
Lines of code Vulnerability details Impact Eth sent to Timelock will be locked in current implementation. I came across this problem while playing around with the governance contract. Proof of Concept Setup the governance contracts GovernorBravoDelegate, Timelock Send eth to timelock contract Set...
Users Can Frontrun Token Distributions Using Flashloans
Lines of code Vulnerability details Impact The collector suite of contracts will actively send ANC token distributions to staked ANC token holders. However, because it is known beforehand that a distribution will be made to the governance contract, users can abuse this to frontrun distributions b...