Skip to content

fix: [C02] Proposer cannot pay rewards out multiple times for the same proposal#3689

Merged
mrice32 merged 1 commit intoUMAprotocol:masterfrom
mrice32:c01
Dec 13, 2021
Merged

fix: [C02] Proposer cannot pay rewards out multiple times for the same proposal#3689
mrice32 merged 1 commit intoUMAprotocol:masterfrom
mrice32:c01

Conversation

@mrice32
Copy link
Copy Markdown
Member

@mrice32 mrice32 commented Dec 13, 2021
edited
Loading

Motivation

The resolveProposal function of the Proposer contract simply validates that the oracle has resolved,
but does not check if the bond has been distributed. This means the same proposal can be resolved
multiple times, resulting in duplicate bond payments. Consider flagging or deleting existing proposals
when they are resolved.

Summary

This PR deletes the proposal after it is resolved to avoid re-resolution.

Testing

Check a box to describe how you tested these changes and list the steps for reviewers to test.

  • Ran end-to-end test, running the code as in production
  • New unit tests created
  • Existing tests adequate, no new tests required
  • All existing tests pass
  • Untested

Issue(s)

N/A

@mrice32
fix: [C02] Proposer cannot pay rewards out multiple times for the sam…
b152718 
…e proposal

Signed-off-by: Matt Rice <matthewcrice32@gmail.com>
chrismaree
chrismaree approved these changes Dec 13, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@chrismaree chrismaree left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and this, right here, is why we get audits :)

Comment thread packages/core/contracts/oracle/implementation/Proposer.sol
token.safeTransfer(finder.getImplementationAddress(OracleInterfaces.Store), bondedProposal.lockedBond);
emit ProposalResolved(id, false);
}
delete bondedProposals[id];
Copy link
Copy Markdown
Member

@chrismaree chrismaree Dec 13, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:)

@mrice32 mrice32 merged commit f701df5 into UMAprotocol:master Dec 13, 2021
@mrice32 mrice32 deleted the c01 branch December 13, 2021 20:32
@mrice32 mrice32 added the audit-fix-phase6 Fixes for Phase 6 (Cross-chain oracle, optimistic rewarder, decentralized proposer) label Dec 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chrismaree chrismaree chrismaree approved these changes

@nicholaspai nicholaspai Awaiting requested review from nicholaspai

Assignees

No one assigned

Labels

audit-fix-phase6 Fixes for Phase 6 (Cross-chain oracle, optimistic rewarder, decentralized proposer)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mrice32 @chrismaree