Critical ItchyDAO Bug in the Voting Contract of MakerDAO

Details

function lock(uint wad)
public
note
{
GOV.pull(msg.sender, wad);
IOU.mint(msg.sender, wad);
deposits[msg.sender] = add(deposits[msg.sender], wad);
addWeight(wad, votes[msg.sender]);
}
function free(uint wad)
public
note
{
deposits[msg.sender] = sub(deposits[msg.sender], wad);
subWeight(wad, votes[msg.sender]);
IOU.burn(msg.sender, wad);
GOV.push(msg.sender, wad);
}
mapping(bytes32=>address[]) public slates;
mapping(address=>bytes32) public votes;
mapping(address=>uint256) public deposits;
function etch(address[] yays)
public
note
returns (bytes32 slate)
{
require( yays.length <= MAX_YAYS );
requireByteOrderedSet(yays);
bytes32 hash = keccak256(yays);
slates[hash] = yays;
Etch(hash);
return hash;
}
function vote(address[] yays) public returns (bytes32)
// note both sub-calls note
{
var slate = etch(yays);
vote(slate);
return slate;
}
function vote(bytes32 slate)
public
note
{
uint weight = deposits[msg.sender];
subWeight(weight, votes[msg.sender]);
votes[msg.sender] = slate;
addWeight(weight, votes[msg.sender]);
}
Figure 1: The flow of vote(address[] yays)
mapping(bytes32=>address[]) public slates;
mapping(address=>uint256) public approvals;
function addWeight(uint weight, bytes32 slate)
internal
{
var yays = slates[slate];
for( uint i = 0; i < yays.length; i++) {
approvals[yays[i]] = add(approvals[yays[i]], weight);
}
}
function subWeight(uint weight, bytes32 slate)
internal
{
var yays = slates[slate];
for( uint i = 0; i < yays.length; i++) {
approvals[yays[i]] = sub(approvals[yays[i]], weight);
}
}
Figure 2: Precalculate the sha3 hash (slate)
Figure 3: Call etch() to assign sha3 hash (slate)

Timeline

About Us

--

--

--

A Blockchain Security Company (https://peckshield.com)

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Passive Income, Staking with Thinkium

altFINS Launches a Mobile App

Sia Triannual Update: September-December 2017

The Growth of Bitcoin and Its Impact on P2P Markets

JaiHo India’s First Actual Community Token Is Making A Positive Different

I like project and events holding crypto currency fundamentals future and decentralised 🥳🖼️

VALUES Is a Blockchain Financial

Alpha5 (A5T) Investment Value Analysis

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
PeckShield

PeckShield

A Blockchain Security Company (https://peckshield.com)

More from Medium

Updates on tokenomics improvements, project security and data.

Millennium — the Mechanics

Announcing Peak DAO: The Avalanche Chain’s newest Reserve Currency!

Embr.Finance Weekly #1