# [2023-08 - Arbitrum] Pre-sorting

**Contest repo:** https://github.com/code-423n4/2023-08-arbitrum/

**Findings repo:** https://github.com/code-423n4/2023-08-arbitrum-findings/

**Judging by:** 0xean (Discord: `0xean`)

**Pre-sorting by:** [sorryNotsorry](https://twitter.com/0xSorryNotSorry) (Discord: `0xsorrynotsorry`)

# High Severity Primary Submissions (9)

## [[H-249] Timelock canceller role is removed from council and transferred to upgrade executor](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/249)

## [[H-241] Decline in voting weight over time can be circumvented by splitting votes over multiple accounts and voting with the correct amount of votes](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/241)

## [[H-191] Proposals will not be submitted in `SecurityCouncilMemberElectionGovernor.sol` and `SecurityCouncilNomineeElectionGovernor.sol`](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/191)

## [[H-173] Security council election are vulnerable to signature replay attack](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/173)

## [[H-88] Prevent the protocol from running any nominee election](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/88)

## [[H-84] Unintended Removal of All Members from a Cohort](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/84)

## [[H-73] Malicious user could block future update to a security council by setting _nonce to type(uint256).max](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/73)

## [[H-59] DOS attack in SecurityCouncilNomineeElectionGovernor](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/59)

## [[H-46] Lack of Quorum and Majority Enforcement in Security Council Member Removal](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/46)

# Medium Severity Primary Submissions (38)

## [[M-261] isContract() is not a reliable way to check whether the address is a contract or not](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/261)

## [[M-256] `getPastCirculatingSupply()` returns the ARB token supply instead of circulating votes supply](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/256)

## [[M-232] `includeNominee` FUNCTION SHOULD CHECK THE `COMPLIANT NOMINEE` LIST AND NOT THE `NOMINEE` LIST WHEN PROPOSING A NEW NOMINEE TO FULFILL THE TARGET COUNT](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/232)

## [[M-195] The `removeMember()` function does not maintain a certain threshold that helps to ensure the perform of Emergency/Non-Emergency actions](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/195)

## [[M-192] currentCohort() is not returning different values when the Election has ended .](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/192)

## [[M-188] The `startBlock` number should not be considered as a zero vote weight](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/188)

## [[M-182] SecurityCouncilNomineeElectionGovernor might have to wait for more than 6 months to create election again](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/182)

## [[M-177] Revert error in `SecurityCouncilNomineeElectionGovernor.sol#_execute()`](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/177)

## [[M-165] Stucking of execution of proposal that handles nominee elections](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/165)

## [[M-164] No randomness in choosing the "padding" accounts in the `includeNominee` function](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/164)

## [[M-154] Huge number of nominees can lead to unbounded loop DoS if endorsement value become lower](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/154)

## [[M-151] Equal elected nominees and cohort size makes the member election meaningless](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/151)

## [[M-141] `SecurityCouncilMgmtUpgradeLib.areAddressArraysEqual` returns `true` for unequal arrays](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/141)

## [[M-136] Wrong votes value is used to check if there is InsufficientTokens when prevVotesReceived + votes >= votesThreshold](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/136)

## [[M-135] relay() does not fulfill the openzeppelin function payable requirements](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/135)

## [[M-122] Not checking duplicates for firstCohort and secondCohort in initialize function](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/122)

## [[M-120] Removing a security council doesn't revoke any roles that may have been granted to it](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/120)

## [[M-119] Council member's key can be rotated without their explicit approval](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/119)

## [[M-115] Creating an election will be blocked if last electing did not follow happy path](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/115)

## [[M-108] SecurityCouncilMemberElectionGovernorCountingUpgradeable.topNominees can return wrong result in some cases](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/108)

## [[M-107] SecurityCouncilNomineeElectionGovernor.includeNominee should check whether the account is from outgoing members of the cohort](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/107)

## [[M-97] Security Council can undermine any DAO votes to remove a member](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/97)

## [[M-92] insufficient Input Validation for Nominee Selection and Vetting periods](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/92)

## [[M-91] Insufficient member address validation can lead to a failed SecurityCouncilMember Sync Action](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/91)

## [[M-82] Inconsistent Cohort Replacement Process in Security Council Manager](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/82)

## [[M-80] SecurityCouncilNomineeElectionGovernor vetting period will be shorten each election](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/80)

## [[M-67] SecurityCouncilNomineeElectionGovernor.includeNominee will fail with excluded nominee](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/67)

## [[M-66] The required number of votes for a governor proposal could be wrong because of wrong _voteSucceeded formula](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/66)

## [[M-57] NomineeVetter has super power](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/57)

## [[M-52] Changing the fullWeightDuration during member election](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/52)

## [[M-44] Changing Security Council does not schedule an update](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/44)

## [[M-43] Issue with adding new chain](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/43)

## [[M-35] User that has arb tokens will not be able to use it for voting, if it was received in same l1 block as proposal was created](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/35)

## [[M-33] Unwelcome election cannot be canceled](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/33)

## [[M-27] SecurityCouncilMemberElectionGovernorCountingUpgradeable will elect members with 0 votes](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/27)

## [[M-25] Safe owners can collude to make elections not possible](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/25)

## [[M-19] Security councils are not notified about cohorts at initialization](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/19)

## [[M-12] Missing checks when creating a SecurityCouncilManager on council member cohorts list can break protocol invariants](https://github.com/code-423n4/2023-08-arbitrum-findings/issues/12)