Lucene search
K

4 matches found

Code423n4
Code423n4
added 2021/11/15 12:0 a.m.12 views

Governor's veto protection can be exploited

Handle cmichel Vulnerability details The GovernorAlpha's council cannot veto proposals that perform a call to the contract itself. This can be exploited by malicious proposal creators by appending a new call at the end of their proposal that simply calls an innocent function like...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/14 12:0 a.m.9 views

Missing duplicate veto check

Handle defsec Vulnerability details Impact On the GovernorAlpha contract, function veto has been added. Although the function behaviour is expected, duplicate veto process has not been checked on that function. Proof of Concept 1. Navigate to following contract line. function vetouint256...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.11 views

DAO proposals can be executed by anyone due to vulnerable TimelockController

Handle cmichel Vulnerability details Vulnerability Details The GovernorAlpha inherits from a vulnerable TimelockController. This TimelockController allows an EXECUTOR role to escalate privileges and also gain the proposer role. See details on OZ and the fix here. The bug is that executeBatch chec...

7.5AI score
Exploits0
Code423n4
Code423n4
added 2021/09/04 12:0 a.m.11 views

Reentrancy Bug in TimelockController.sol

Handle leastwood Vulnerability details Impact Notional's governance framework utilises a fork of Compound's Governor Alpha and ERC20 token. These are denoted specifically as the GovernorAlpha.sol and NoteERC20.sol contracts. However, the GovernorAlpha.sol has a key difference when compared to...

6.9AI score
Exploits0
Rows per page
Query Builder