LibGovernance Manual Review Findings

LGE-01M: Insecure Consortium

Description:

The validateSignaturesLength function dynamically calculates the amount of members that should sign a particular transaction, however, in doing so it ignores truncations that can cause lengths of 0 to be accepted as valid.

Example:

Copy
129function validateSignaturesLength(uint256 _n) internal view {
130    Storage storage gs = governanceStorage();
131    uint256 members = gs.membersSet.length();
132    require(_n <= members, "LibGovernance: Invalid number of signatures");
133    require(
134        _n > (members * gs.percentage) / gs.precision,
135        "LibGovernance: Invalid number of signatures"
136    );
137}

Recommendation:

We advise an additional validation to be imposed here whereby the calculation of (members * gs.percentage) / gs.precision rounds up. This will significantly strengthen the governance requirement and also cause values of 0 to be impossible to achieve (i.e. any percent required with 1 member would yield 0 in the current implementation).

Alleviation:

A rounding-up mechanism was put in place whereby signatures are ensured to match the percentage of members rounded up inclusively.