**Contest repo:** https://github.com/code-423n4/2023-07-nounsdao

**Findings repo:** https://github.com/code-423n4/2023-07-nounsdao-findings

**Judging by:** [Gzeon](https://twitter.com/gzeon) (Discord: `gzeon`)

**Pre-sorting by:** [sorryNotsorry](https://twitter.com/0xSorryNotSorry) (Discord: `0xsorrynotsorry`)

# High Severity Primary Submissions (9)

## [[H-245] The 'Nouns Fork' is considered unfair towards contributors, given they are not awarded any new tokens.](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/245)

## [[H-226] The fork mechanism of Nouns DAO may be completely ineffective or abused, because there is no reasonable limit to the maximum or minimum value of the fork threshold.](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/226)

## [[H-211] Wrong consideration of block period causes incorrect votingPeriod and votingDelay calculations](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/211)

## [[H-198] cancelSig will not completely cancel signatures due to malleability vulnerabilities](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/198)

## [[H-194] dynamicQuorumVotes calculation has accuracy error resulting in the less required quorum](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/194)

## [[H-175] Arbitrary Pending `_setPendingVetoer` Address Assignment.](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/175)

## [[H-164] Return value of low-level .call() not checked](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/164)

## [[H-157] It is impossible to veto or cancel proposals made before the upgrade because contract attempts to veto or cancel them on timelock v2 whereas they are in v1](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/157)

## [[H-116] Auction house can break or users can lose their NFT](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/116)

# Medium Severity Primary Submissions (26)

## [[M-264] Ex-token holders are still able to cast votes on proposals under certain circumstances](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/264)

## [[M-228] All transactions with Ether to NounsDAOExecutor::executeTransaction() function will fail.](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/228)

## [[M-221] [M-05] `NounsDAOV3DynamicQuorum.quorumVotes()`: Wrong totalSupply parameter used to calculated dynamic votes thresholds](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/221)

## [[M-215] Token holders can create as many proposals as they want if they already have an active proposal by transferring their token to another wallet.](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/215)

## [[M-205] Vetoer can veto a non-existent proposal](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/205)

## [[M-163] Users that create proposals before upgrade are not allowed to choose the timelock they want it queued in.](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/163)

## [[M-162] Some expired proposals on v1 may be wrongly marked as Queued, and will be executable.](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/162)

## [[M-160] no way to disable update period of proposal, could cause unnecessary delay and longer proposal lifecycle](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/160)

## [[M-153] quit functions inside Forked DAO should only work for escrowed nouns token from original DAO, otherwise forked DAO will not serve its purpose and auctioned token could be used to get profit from treasury funds](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/153)

## [[M-132] Lack of expiry time for vote tx can unnecessarily trigger objection period](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/132)

## [[M-129] In NounsAuctionHouseFork.sol, Fixed Amount of Gas Sent in Call May Be Insufficient](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/129)

## [[M-121] [M-04] `NounsDAOV3Fork.adjustedTotalSupply()`: Forking can affect existing adjusted total supply for proposing proposals](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/121)

## [[M-102] User can steal tokens by using duplicated ERC20 tokens as parameter in NounsDAOLogicV1Fork.quit](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/102)

## [[M-84] Inequitable distribution of funds when quitting DAO due to token opt-out](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/84)

## [[M-82] `lastMinuteWindowInBlocks` can be dodged to have undesirable proposal executed](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/82)

## [[M-75] Function `verifySignersCanBackThisProposalAndCountTheirVotes` in `NounsDAOV3Proposals.sol` sets the `signers` array from the wrong index](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/75)

## [[M-56] If DAO updates forkEscrow before forkThreshold is reached, the user's escrowed Nouns will be lost](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/56)

## [[M-55] NounsDAOV3Proposals.cancel() should allow to cancel the proposal of the Expired state](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/55)

## [[M-43] [M-03] `NounsDAOV3Proposals.cancel()`: Do not allow cancellation of proposals when states are not yet finalized or are already finalized](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/43)

## [[M-42] [M-02]: `NounsDAOV3Proposals.checkPropThreshold()`: Not inclusive of if proposal votes is equal to proposal threshold](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/42)

## [[M-34] Measures should be taken to ensure proper gas refunds in the case where votes are batched](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/34)

## [[M-32] The objection period's implementation is heavily flawed and could curb some Nouners their right to vote `for` a proposal](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/32)

## [[M-30] Lack of `proposalId` validation in `quorumVotes()` would lead to wrong assumptions](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/30)

## [[M-29] Making the snapshot time _known_ and to be in the future makes it very easy to manipulate the outcome of a proposal's votes](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/29)

## [[M-28] Measures should be taken to account for changes to the Dynamic Quorum Votes and it's Parameters within the same block a proposal was made](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/28)

## [[M-18] Admin and delay can't be set in NounsDAOExecutor](https://github.com/code-423n4/2023-07-nounsdao-findings/issues/18)