5 matches found
VetoProposal#voteToVeto can be called repeatedly by same voter and be used to lock party
Lines of code Vulnerability details Impact Party can be locked due to not being able to pass and proposals Proof of Concept VetoProposal.solL37-L59 uint96 votingPower = party.getVotingPowerAt msg.sender, proposalValues.proposedTime - 1, snapIndex ; uint96 newVotes = votes + votingPower; // Check ...
VetoProposal.voteToVeto() checks the proposal status wrongly.
Lines of code Vulnerability details Impact VetoProposal.voteToVeto wouldn't work as expected because voters can vote during the Voting status only. Proof of Concept When we check veto, it works during 3 statuses, Voting, Passed, Ready which is mentioned in the comment as well. ProposalStatus stat...
Voters can call VetoProposal.voteToVeto() as many times as they like.
Lines of code Vulnerability details Impact Each voter can veto a proposal if they want by calling voteToVeto several times to pass the passThresholdBps. Proof of Concept Every voter shouldn't vote several times, otherwise, the voting system will be broken. But voteToVeto doesn't check the already...
VetoProposal: proposals cannot be vetoed in all states in which it should be possible to veto proposals
Lines of code Vulnerability details Impact The VetoProposal contract allows to veto proposals with the voteToVeto function. The proposal can only be vetoed when it is in the Voting state, otherwise the voteToVeto function reverts. The issue is that the Voting state is not the only state in which ...
VetoProposal: user can veto multiple times so every proposal can be votoed by any user that has a small amount of votes
Lines of code Vulnerability details Impact The VetoProposal contract allows to veto proposals with the voteToVeto function. When the amount of votes collected to veto a proposal exceeds a certain threshold the passThresholdBps, which is determined upon initialization of the party, the proposal is...