Assessment reports > All in Bits > Medium findings
Category: Business Logic

Proposals can be passed without quorum and threshold requirements being met

Medium Severity
Low Impact
Low Likelihood

Description

The Tally helper in the keeper is used to iterate over votes and return the tally results of a proposal based on the voting power.

The quorum and threshold required for the proposal are fetched through the getQuorumAndThreshold helper. The previous implementation for getQuorumAndThreshold would iterate over all messages and return the highest quorum/threshold, which would be required for the entire proposal to pass.

Now, at the time of writing, the returned quorum and threshold are based on priority ordering:

func (keeper Keeper) getQuorumAndThreshold(ctx sdk.Context, proposal v1.Proposal) (quorum sdk.Dec, threshold sdk.Dec) {
	params := keeper.GetParams(ctx)
	kinds := keeper.ProposalKinds(proposal)
	if kinds.HasKindConstitutionAmendment() {
		quorum = keeper.GetConstitutionAmendmentQuorum(ctx)
		threshold = sdk.MustNewDecFromStr(params.ConstitutionAmendmentThreshold)
		return
	} // [0]
	if kinds.HasKindLaw() {
		quorum = keeper.GetLawQuorum(ctx)
		threshold = sdk.MustNewDecFromStr(params.LawThreshold)
		return
	} // [1]
	quorum = keeper.GetQuorum(ctx) // [2]
	threshold = sdk.MustNewDecFromStr(params.Threshold)
	return
}

If a proposal has constitutional amendments or law proposals, these are prioritized, ignoring the quorum/threshold for lower-priority proposals.

Impact

Since the quorum value is now selected dynamically by proposal kind, it is possible for constitutional amendments and law proposals to have a lower required quorum than regular proposals. If this is the case, a proposal that bundles such a message could be passed without meeting the minimum participation requirement of its regular messages. This lets proposals, even major ones like constitutional amendments, pass without enough voter participation. It breaks core governance guarantees and opens the door for low-effort attacks or manipulation.

Recommendations

Revert to the previous implementation, returning the highest-required quorum/threshold for any message in a proposal.
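The following Go program is an added example written for this report page; it is not AtomOne's code. It places a priority-ordered selection (the behaviour shown in the snippet above) beside the recommended "strictest of all messages" rule and evaluates both against a constructed proposal. The kind names, the Params map and the float64 quorum/threshold values are stand-ins for the keeper's ProposalKinds helper, the governance params and sdk.Dec.

```go
package main

import "fmt"

// Kind stands in for the message kinds the keeper's ProposalKinds helper detects.
type Kind int

const (
	KindRegular Kind = iota
	KindLaw
	KindConstitutionAmendment
)

// Requirement pairs a minimum participation (quorum) with a pass threshold.
// float64 is used here in place of sdk.Dec (an assumption for this example).
type Requirement struct {
	Quorum    float64
	Threshold float64
}

// Params maps each kind to its requirement (stand-in for the governance params).
type Params map[Kind]Requirement

func hasKind(kinds []Kind, want Kind) bool {
	for _, k := range kinds {
		if k == want {
			return true
		}
	}
	return false
}

// byPriority mirrors the reported getQuorumAndThreshold: the highest-ranked
// kind present decides, and the requirements of every other kind are ignored.
func byPriority(p Params, kinds []Kind) Requirement {
	if hasKind(kinds, KindConstitutionAmendment) {
		return p[KindConstitutionAmendment]
	}
	if hasKind(kinds, KindLaw) {
		return p[KindLaw]
	}
	return p[KindRegular]
}

// strictest implements the recommended rule: walk every kind in the proposal
// and keep the highest quorum and the highest threshold seen.
func strictest(p Params, kinds []Kind) Requirement {
	if len(kinds) == 0 {
		// Assumption: a proposal with no classified messages is a regular one.
		return p[KindRegular]
	}
	var req Requirement
	for _, k := range kinds {
		r := p[k]
		if r.Quorum > req.Quorum {
			req.Quorum = r.Quorum
		}
		if r.Threshold > req.Threshold {
			req.Threshold = r.Threshold
		}
	}
	return req
}

// MeetsQuorum reports whether turnout (voting power cast / total voting power)
// satisfies the participation requirement selected for the proposal.
func MeetsQuorum(req Requirement, turnout float64) bool {
	return turnout >= req.Quorum
}

func main() {
	// Constructed params for the case the finding describes: the amendment
	// quorum is lower than the regular quorum.
	params := Params{
		KindRegular:               {Quorum: 0.40, Threshold: 0.50},
		KindLaw:                   {Quorum: 0.30, Threshold: 0.60},
		KindConstitutionAmendment: {Quorum: 0.20, Threshold: 0.90},
	}
	// A proposal bundling a constitution amendment with a regular message,
	// voted on by 25% of total voting power.
	kinds := []Kind{KindConstitutionAmendment, KindRegular}
	turnout := 0.25
	rules := []struct {
		name string
		pick func(Params, []Kind) Requirement
	}{{"priority", byPriority}, {"strictest", strictest}}
	for _, rule := range rules {
		req := rule.pick(params, kinds)
		fmt.Printf("%-9s quorum=%.2f threshold=%.2f meetsQuorum=%v\n",
			rule.name, req.Quorum, req.Threshold, MeetsQuorum(req, turnout))
	}
}
```

With these constructed values the priority rule selects the amendment's 0.20 quorum, so 25% turnout clears participation; the strictest rule selects the regular message's 0.40 quorum and the amendment's 0.90 threshold, so the same proposal fails the quorum check. A regression test for the keeper should cover exactly this mixed-kind case rather than single-kind proposals only.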

Remediation

This issue has been acknowledged by AtomOne, and a fix was implemented in PR #161.

Zellic © 2025