2 matches found
GovernorOLAS is susceptible to DOS via proposal frontrunning
Lines of code Vulnerability details Impact The GovernorOLAS contract inherits from OpenZeppelin's GovernorCompatibilityBravo v4.8.3, which has a known vulnerability in the proposal creation process that can be exploited to halt proposals sent to the governor. The root cause of this vulnerability ...
Signatures can be replayed to cast with castVoteWithReasonAndParamsBySig() more votes than the user intended in GovernorOLAS
Lines of code Vulnerability details Impact In the "GovernorOLAS.sol" contract, as the comment line supports the OpenZeppelin functions are used as is. However, the inherited OpenZeppelin 4.8.3 library exposes a signature replay vulnerability due to the lack of use of nonce in the...