Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gov: setting a new fork escrow contract might lead to lost tokens #765

Open
eladmallel opened this issue Jul 24, 2023 · 0 comments
Open

Gov: setting a new fork escrow contract might lead to lost tokens #765

eladmallel opened this issue Jul 24, 2023 · 0 comments
Labels
protocol

Comments

@eladmallel
Copy link
Collaborator

Based on this C4 issue found as part of the DAO V3 audit: code-423n4/2023-07-nounsdao-findings#56.

In the current design if a token holder wants to withdraw their tokens from escrow, they have to call a DAO function which then calls the escrow; the escrow's withdraw function only allows the DAO to call it. If the DAO passes a proposal to swap the escrow contract with a new one, tokens held in the old escrow contract can only be withdrawn if the governor (DAO logic) is upgraded with a new function allowing token holders to call the old escrow's withdraw function. Without such an upgrade those token holders do not have access to their tokens.

A solution would be to allow any token holder to call the withdraw function directly on the escrow contract.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
protocol
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@davidbrai @eladmallel