3 matches found
Time delay for operations scheduled by the community multisig (CM) in timelock pose a risk to the protocol and it users
Lines of code Vulnerability details Impact Time sensitive operations done by the CM, like taking actions in case of an security exploit, are subject to the minDelay of the Timelock contract. Such operations are time sensitive and executing them several minutes later can result in significant loss...
When unpausing the GuardCM, not setting governorCheckProposalId to 0 puts the assets of the protocol at risk
Lines of code Vulnerability details Impact If the GuardCM was paused once, the community multisig CM can pause it again without checking for the governances activity. This moves the power within the system from the governance to the CM and can, in the worst case, result in the lose of all funds o...
Proposal can executed even when it is in the "Queued" state.
Lines of code Vulnerability details Impact An attacker can bypass the intended governance process and directly execute proposals that are still in the voting or canceled state. This can result in unauthorized actions being performed on the smart contract, leading to loss of funds Proof of Concept...