Omniscia LimeChain Audit

GovernanceFacet Manual Review Findings

GFT-01M: Single Point of Failure

Description:

The updateMembersPercentage function is gated only by the contract owner. A single malicious vote that changes the members percentage can therefore compromise the whole system, since subsequent votes could be configured to require no signatures at all.

Example:

contracts/facets/GovernanceFacet.sol
function updateMembersPercentage(uint256 _percentage) external override {
    // Only the diamond owner may call this; no additional threshold applies.
    LibDiamond.enforceIsContractOwner();
    // The new percentage is stored as-is, without any lower bound.
    LibGovernance.updateMembersPercentage(_percentage);

    emit MembersPercentageUpdated(_percentage);
}

Recommendation:

We advise that this particular parameter of the governance module be protected by a higher signature threshold than the one currently required, so that a single vote cannot lower the percentage and cause this issue to manifest.

Alleviation:

The LimeChain team stated that the multi-signature wallet used to guard this particular function will have a sufficiently high threshold to prevent it from being easily manipulated. Additionally, a require check was introduced ensuring that the new percentage is non-zero, thereby preventing a malicious vote from compromising all subsequent votes. We should note that such an attack vector would still be possible should the percentage be set to a value that requires only a single signature; however, given that the LimeChain team stated that extra care will be taken with the external multi-signature wallet's security, we consider this exhibit addressed.