# [2023-06-Llama] Presorting

**Contest repo:** https://github.com/code-423n4/2023-06-llama

**Findings repo:** https://github.com/code-423n4/2023-06-llama-findings

**Judging by:** [Picodes](https://twitter.com/thePicodes) (Discord: `thepicodes`)

**Pre-sorting by:** [sorryNotsorry](https://twitter.com/0xSorryNotSorry) (Discord: `0xsorrynotsorry`)

# High Severity Primary Submissions (15)

## [[H-256] User ETH will be stacked on Executor contract if the target script doesn't handle ETH.](https://github.com/code-423n4/2023-06-llama-findings/issues/256)

## [[H-247] It is not possible to execute actions that require ETH (or other protocol token)](https://github.com/code-423n4/2023-06-llama-findings/issues/247)

## [[H-244] Functions modified by `LlamaAccount.onlyLlama` can be called by contracts other than `LlamaCore`.](https://github.com/code-423n4/2023-06-llama-findings/issues/244)

## [[H-229] llamaExecutor address can be set by anyone, giving further privilege to onlyLlama accessed functions (Sponsor confirmed in DM)](https://github.com/code-423n4/2023-06-llama-findings/issues/229)

## [[H-203] In `LlamaRelativeQuorum`, the governance result might be incorrect as it counts the wrong approval/disapproval.](https://github.com/code-423n4/2023-06-llama-findings/issues/203)

## [[H-126] Delegatecalls to contracts which have different storage layouts will cause unexpected behavior. Whitelisting of delegate-callable targets is required like LlamaCore.authorizeScript().](https://github.com/code-423n4/2023-06-llama-findings/issues/126)

## [[H-109] Llama Core and Policy implementation not only minimal proxy should not be allowed to be authorized as scripts](https://github.com/code-423n4/2023-06-llama-findings/issues/109)

## [[H-104] Role might be granted and revoked at the same block to manipulate the role supply and result in incorrect behavior of relative strategy](https://github.com/code-423n4/2023-06-llama-findings/issues/104)

## [[H-83] The initial total supply of the role can be miscalculated in some cases](https://github.com/code-423n4/2023-06-llama-findings/issues/83)

## [[H-76] Expired role holder still can vote](https://github.com/code-423n4/2023-06-llama-findings/issues/76)

## [[H-62] Anyone can change approval/disapproval threshold for any action using LlamaRelativeQuorum strategy.](https://github.com/code-423n4/2023-06-llama-findings/issues/62)

## [[H-52] Execution of actions will always revert when minDisapprovals set to Zero.](https://github.com/code-423n4/2023-06-llama-findings/issues/52)

## [[H-34] cloneDeterministic can be frontrun to grief](https://github.com/code-423n4/2023-06-llama-findings/issues/34)

## [[H-31] Llama could be accounting for policy holders whose role already expired](https://github.com/code-423n4/2023-06-llama-findings/issues/31)

## [[H-27] [H-01] Guards can be bypassed by manipulating data input](https://github.com/code-423n4/2023-06-llama-findings/issues/27)

# Medium Severity Primary Submissions (35)

## [[M-296] NATIVE TOKENS COULD GET STUCK INSIDE THE `LlamaCore` CONTRACT SINCE THERE IS NO WITHDRAWAL MECHANISM](https://github.com/code-423n4/2023-06-llama-findings/issues/296)

## [[M-287] expirationPeriod in the strategy contracts is not checked when calling LlamaCore.execute](https://github.com/code-423n4/2023-06-llama-findings/issues/287)

## [[M-282] Blacklisted Address Can Exploit the Exchange](https://github.com/code-423n4/2023-06-llama-findings/issues/282)

## [[M-262] Gas griefing/thief in LlamaAccount execute()](https://github.com/code-423n4/2023-06-llama-findings/issues/262)

## [[M-259] LlamaPolicyMetadata.tokenURI() name is missing escapeJSON](https://github.com/code-423n4/2023-06-llama-findings/issues/259)

## [[M-254] `LlamaPolicyMetadata.contractURI()` can return corrupted JSON data](https://github.com/code-423n4/2023-06-llama-findings/issues/254)

## [[M-241] Unsafe delegatecall functionality can break core protocol functionality](https://github.com/code-423n4/2023-06-llama-findings/issues/241)

## [[M-223] User with disapproval role can gas grief the action executor](https://github.com/code-423n4/2023-06-llama-findings/issues/223)

## [[M-213] Check for role expiration is not implemented during action creation/approval/disapproval.](https://github.com/code-423n4/2023-06-llama-findings/issues/213)

## [[M-209] A policyholder could prevent revoking his expired role by frontrunning.](https://github.com/code-423n4/2023-06-llama-findings/issues/209)

## [[M-208] In `LlamaCore`, the approval/disapproval logic by sig wouldn't work properly when the policyholder adds two or more off-chain signatures using one nonce.](https://github.com/code-423n4/2023-06-llama-findings/issues/208)

## [[M-207] The action creators can't approve their actions in the same block.](https://github.com/code-423n4/2023-06-llama-findings/issues/207)

## [[M-206] The `forceApproval/forceDisapproval` role holders might be unable to approve/disapprove if they were approved/disapproved with the normal `approval/disapproval` role already.](https://github.com/code-423n4/2023-06-llama-findings/issues/206)

## [[M-205] In `LlamaCore.sol`, there is no option to remove the strategies.](https://github.com/code-423n4/2023-06-llama-findings/issues/205)

## [[M-198] Potential selector collision in LlamaCore when calling the `receive` function](https://github.com/code-423n4/2023-06-llama-findings/issues/198)

## [[M-183] In LlamaCore.executeAction() function, failed transfer with low level call could be overlooked](https://github.com/code-423n4/2023-06-llama-findings/issues/183)

## [[M-182] Policy holders should have the option to revoke their roles if they want to](https://github.com/code-423n4/2023-06-llama-findings/issues/182)

## [[M-168] Reverting on disapprovalPolicySupply == 0 if disapproving is disabled is unnecessary and can lead to DoS](https://github.com/code-423n4/2023-06-llama-findings/issues/168)

## [[M-151] Cross-chain replay attacks are possible](https://github.com/code-423n4/2023-06-llama-findings/issues/151)

## [[M-147] Sanity check for forced approval/disapproval roles.](https://github.com/code-423n4/2023-06-llama-findings/issues/147)

## [[M-140] Executor is forced to create and assign disapproval role even though they choose to disable disapproval.](https://github.com/code-423n4/2023-06-llama-findings/issues/140)

## [[M-138] Frontrunning of createAction by choosing different strategy according to his interests.](https://github.com/code-423n4/2023-06-llama-findings/issues/138)

## [[M-125] LlamaAccount.execute with delegatecall=true allows to update the storage on the ERC1967 implementation slot](https://github.com/code-423n4/2023-06-llama-findings/issues/125)

## [[M-82] LlamaAccount doesn't implement supportsInterface function which is needed according to EIP721, and EIP1155](https://github.com/code-423n4/2023-06-llama-findings/issues/82)

## [[M-80] Users still can disapprove action after minExecutionTime has passed](https://github.com/code-423n4/2023-06-llama-findings/issues/80)

## [[M-77] `executeAction` function doesn't check if script is authorized](https://github.com/code-423n4/2023-06-llama-findings/issues/77)

## [[M-64] LlamaPolicy could be DOS by creating large amount of actions.](https://github.com/code-423n4/2023-06-llama-findings/issues/64)

## [[M-61] No function to adjust `minApprovals/minDisapprovals` thresholds](https://github.com/code-423n4/2023-06-llama-findings/issues/61)

## [[M-59] [M-03] Rounding up of minimum disapproval needed could affect disapproval process](https://github.com/code-423n4/2023-06-llama-findings/issues/59)

## [[M-55] Signature cancelation can be front-run.](https://github.com/code-423n4/2023-06-llama-findings/issues/55)

## [[M-51] Action states mismatch between LlamaCore and LlamaStrategy](https://github.com/code-423n4/2023-06-llama-findings/issues/51)

## [[M-41] Inadequate Access Control](https://github.com/code-423n4/2023-06-llama-findings/issues/41)

## [[M-36] Use safeTransferFrom Instead of transferFrom for ERC721](https://github.com/code-423n4/2023-06-llama-findings/issues/36)

## [[M-11] [M-02] Any policy holders with same permissions can queue actions for other policy holders](https://github.com/code-423n4/2023-06-llama-findings/issues/11)

## [[M-10] [M-01] Owner can be unnecessarily DoSed from setting roles for policy holders](https://github.com/code-423n4/2023-06-llama-findings/issues/10)