Skip to content

fix: budget cap dos #453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jul 22, 2025
Merged

fix: budget cap dos #453

merged 5 commits into from
Jul 22, 2025

Conversation

@0xOneTony
Copy link
Member

@0xOneTony 0xOneTony commented Jul 21, 2025

Closes OPT-949

@linear
Copy link

linear bot commented Jul 21, 2025

OPT-949 [H-0] Permissionless proposals with budget caps can be DoS

@0xOneTony 0xOneTony requested a review from 0xChin July 21, 2025 15:33
cursor[bot]

This comment was marked as outdated.

Sign in to view

@0xOneTony 0xOneTony mentioned this pull request Jul 21, 2025
Merged
cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

0xChin
0xChin reviewed Jul 22, 2025
View reviewed changes
packages/contracts-bedrock/src/governance/ProposalValidator.sol Outdated
// validate the attestation
_validateTopDelegateAttestation(_attestationUid, _msgSender());
// proposal.votingCycle should never be 0, voting cycles already exist before the ProposalValidator is deployed
// and should be set by the OP Foundation
Copy link
Member

@0xChin 0xChin Jul 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this comment should be in line 578 https://github.com/defi-wonderland/optimism/pull/453/files#diff-e08ec1b0a9b8fcf25969e83b9aa4058a4a4886602ab43175b02dd8e1b50e6a81R578

cursor[bot]
cursor bot reviewed Jul 22, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Proposal Validation Mismatch in Voting Cycle

The canApproveProposal function uses an inconsistent voting cycle for attestation validation compared to approveProposal. For ProtocolOrGovernorUpgrade proposals, approveProposal correctly uses the proposal's current votingCycle for validation, while canApproveProposal incorrectly always uses proposal.votingCycle - 1. This discrepancy can lead to canApproveProposal returning misleading results for these proposal types.

packages/contracts-bedrock/src/governance/ProposalValidator.sol#L637-L654

optimism/packages/contracts-bedrock/src/governance/ProposalValidator.sol

Lines 637 to 654 in 3348e3f

/// @return canApprove_ True if the delegate can approve the proposal, false otherwise.
function canApproveProposal(
bytes32 _attestationUid,
address _delegate,
bytes32 _proposalHash
)
external
view
returns (bool canApprove_)
{
// TODO: this function should be fixed in OPT-957
ProposalData storage proposal = _proposals[_proposalHash];
if (proposal.votingCycle == 0) {
return false;
}
canApprove_ = _validateTopDelegateAttestation(_attestationUid, _delegate, proposal.votingCycle - 1);
}

Fix in CursorFix in Web

Was this report helpful? Give feedback by reacting with 👍 or 👎

@0xOneTony 0xOneTony merged commit 6638584 into fix/ir-findings Jul 22, 2025
3 checks passed
@0xOneTony 0xOneTony deleted the fix/budget-cap-dos branch July 22, 2025 20:14
0xOneTony added a commit that referenced this pull request Jul 29, 2025
@0xOneTony
fix: budget cap dos (#453)
006e9ac 
* fix: budget cap dos

* fix: invalid proposal case

* fix: test

* fix: tests
0xOneTony added a commit that referenced this pull request Jul 29, 2025
@0xOneTony
fix: budget cap dos (#453)
9ab5d00 
* fix: budget cap dos

* fix: invalid proposal case

* fix: test

* fix: tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@0xChin 0xChin 0xChin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@0xOneTony @0xChin