31451 - [SC - Insight] MAX_PROPOSAL_NUMERATOR is incorrectly set
Previous31449 - [SC - Low] BribegetRewardForOwner should not revert if the...Next31453 - [SC - Critical] The balance of RevenueHandler can be drained
Last updated
Was this helpful?
Last updated
Was this helpful?
Submitted on May 19th 2024 at 14:34:45 UTC by @Kenzo for
Report ID: #31451
Report type: Smart Contract
Report severity: Insight
Target: https://github.com/alchemix-finance/alchemix-v2-dao/blob/main/src/AlchemixGovernor.sol
Impacts:
Contract fails to deliver promised returns, but doesn't lose value
In AlchemixGovernor contract, the MAX_PROPOSAL_NUMERATOR is used to determine the maximum threshold for quorum which is hardcoded and can be never changed except by an upgrade. The current implementation set the MAX_PROPOSAL_NUMERATOR = 5000. But the issue is according to the Alchemix , The MAX_PROPOSAL_NUMERATOR should be equal to 6600(60%) instead of 5000.
Due to adding the wrong value in MAX_PROPOSAL_NUMERATOR the protocol doesn't allows the admin to set the value of MAX_PROPOSAL_NUMERATOR above the 5000(50%) which makes the admin/protocol restricted to set maximum threshold for quorum above than 50% as intended by the protocol in the docs using the function below:
https://github.com/alchemix-finance/alchemix-v2-dao/blob/main/src/AlchemixGovernor.sol?utm_source=immunefi#L68C1-L74C1
https://github.com/alchemix-finance/alchemix-v2-dao/blob/main/src/AlchemixGovernor.sol?utm_source=immunefi#L19
Change the following according to the docs:
Run this test in AlchemixGovernor.t.sol: