2 matches found
Unprotected initialize functions can front-run by MEV or by an Attacker
Lines of code Vulnerability details Vulnerability Detail It should be avoided that the implementation of proxy contracts can be initialized by third parties. This can be the case if the initialize function is unprotected. Since the implementation contract is not meant to be used directly without ...
In LlamaRelativeQuorum, actionApprovalSupply/actionDisapprovalSupply can be changed anytime.
Lines of code Vulnerability details Impact The governance result might be manipulated seriously because the approval/disapproval supplies can be changed anytime by an attacker. Proof of Concept The LlamaRelativeQuorum uses approval/disapproval thresholds that are specified as percentages of total...