14 matches found
Security of a Secret Sharing Protocol on the Qline
Secret sharing is a fundamental primitive in cryptography, and it can be achieved even with perfect security. However, the distribution of shares requires computational assumptions, which can compromise the overall security of the protocol. While traditional Quantum Key Distribution QKD can...
The quorum calculation in the _quorumReached() function is inconsistent and could allow abstain votes to prevent a proposal from reaching quorum even if most participating voters are in favor
Lines of code Vulnerability details Impact This allows abstain voters to effectively veto a proposal, even if most participating voters approve it. Proof of Concept The quorum numerator and denominator are inconsistent. The quorum uses totalVotes for the denominator which includes abstains. But t...
Wisconsin Governor Hacks the Veto Process
In my latest book, A Hackers Mind, I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers--supposedly unique in their specificity--to change a one-year funding increase into a 400-year funding increase. He took this wording:...
VetoProposal: proposals cannot be vetoed in all states in which it should be possible to veto proposals
Lines of code Vulnerability details Impact The VetoProposal contract allows to veto proposals with the voteToVeto function. The proposal can only be vetoed when it is in the Voting state, otherwise the voteToVeto function reverts. The issue is that the Voting state is not the only state in which ...
VetoProposal: user can veto multiple times so every proposal can be votoed by any user that has a small amount of votes
Lines of code Vulnerability details Impact The VetoProposal contract allows to veto proposals with the voteToVeto function. When the amount of votes collected to veto a proposal exceeds a certain threshold the passThresholdBps, which is determined upon initialization of the party, the proposal is...
Front-running of accept call
Lines of code Vulnerability details Description There is accept and veto functions in the PartyGovernance contract. The functions accepts the proposalId accept function also accepts snapIndex, which does not contain any information about the proposal itself. As a result, transactions of users can...
Council veto protection does not work
Handle TomFrenchBlockchain Vulnerability details Impact Council can veto proposals to remove them to remain in power. Proof of Concept The Vader governance contract has the concept of a "council" which can unilaterally accept or reject a proposal. To prevent a malicious council preventing itself...
Governance veto can be bypassed
Handle gzeon Vulnerability details Impact Since veto ensure none of the actions in proposal being vetoed point to the contract GovernorAlpha.sol:L562, a malicious proposal can be designed to have an action that point to governance and therefore effectively cannot be vetoed. Proof of Concept For a...
Governor's veto protection can be exploited
Handle cmichel Vulnerability details The GovernorAlpha's council cannot veto proposals that perform a call to the contract itself. This can be exploited by malicious proposal creators by appending a new call at the end of their proposal that simply calls an innocent function like...
Missing duplicate veto check
Handle defsec Vulnerability details Impact On the GovernorAlpha contract, function veto has been added. Although the function behaviour is expected, duplicate veto process has not been checked on that function. Proof of Concept 1. Navigate to following contract line. function vetouint256...
Why tech companies wanted Senate Bill 315 vetoed
When Georgia Senate Bill 315 SB-315 was introduced, people in the tech world anxiously awaited its fate, regardless of their geographic location. They knew that some laws initially restricted to single states become more widespread after politicians set precedents. And they knew that this law cou...
Georgia Governor Vetoes Controversial Hack-Back Bill
Recognizing the concerns of tech giants and security researchers alike, Georgia Gov. Nathan Deal has vetoed a controversial “hack-back” bill that would have allowed companies in the state to perform offensive cyber-actions in the face of an attack. “Certain components of the legislation have led ...
CISPA Returns back, Forget privacy reforms
The Cyber Intelligence Sharing and Protection act CISPA will be reintroduced by House Intelligence Committee Chairman Mike Rogers R-Mich. and ranking member Rep. Dutch Ruppersberger D-Md. before the US House next week. CISPA would've allowed any company to give away all the data its collected on...
CISPA Passes House to a Cacophony of Groans and Cheers
The controversial Cyber Intelligence Sharing and Protection Act CISPA passed with bipartisan support by a 248-168 vote in the U.S. House of Representatives last night, despite warnings from privacy experts and a growing public outcry. CISPA’s chief supporter and co-sponsor, Mike Rogers R-MI,...