Manipulation of governance voting result deviating from voted outcome and resulting in a direct change from intended effect of original results
Description
Brief/Intro
In governance, there are usually proposals that for some reason (such as lack of quorum, and the number of votes ) defetated. This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction In your protocol it is known as L2GovernorVotesQuorumFraction :
GovernorVotesQuorumFraction: Combines with GovernorVotes to set the quorum as a fraction of the total token supply. AlchemixGovernor inherits this module
contract AlchemixGovernor is L2Governor, L2GovernorVotes, L2GovernorVotesQuorumFraction /* @AUDIT */, L2GovernorCountingSimple
So this make vulnerable AlchemixGovernor contract.
If this report is unclear to you, refer to the reference link
Vulnerability Details
Vulnerable contract is AlchemixGovernor.sol && L2GovernorVotesQuorumFraction.sol
function quorum(uint256 blockTimestamp) public view virtual override returns (uint256) {
return (token.getPastTotalSupply(blockTimestamp) * quorumNumerator()) / quorumDenominator();
}
The token.getPastTotalSupply(blockNumber) call will not be optimized the same way and, A mechanism that determines quorum requirements as a percentage of the voting token's total supply. when a proposal is passed to lower the quorum requirement, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement.
Impact Details
Past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement.
