Description

Before performing any amendment to a grantee's MetaVesT, the controller must propose a proposal and wait for the grantees to consent. The proposal can be consented either by the affected grantee calling the function consentToMetavestAmendment or by grantees with the same MetaVesTed token voting in the function voteOnMetavestAmendment.

In the function consentToMetavestAmendment, grantees should be able to revoke the consent via the parameter _inFavor. However, the actual setting does not use this parameter, causing the function to only consent to the amendment.

/// @param _inFavor whether msg.sender consents to the applicable amending function call (rather than assuming true, this param allows a grantee to later revoke decision should 'authority' delay or breach agreement elsewhere)
function consentToMetavestAmendment(address _grant, bytes4 _msgSig, bool _inFavor) external {
    // [...]
!   functionToGranteeToAmendmentPending[_msgSig][_grant].inFavor = true;
    emit MetaVesTController_AmendmentConsentUpdated(_msgSig, msg.sender, _inFavor);
}

Impact

Since function consentToMetavestAmendment always sets inFavor to true, once grantees consent to the amendment, they cannot revoke the decision.

Recommendations

Use _inFavor to set functionToGranteeToAmendmentPending[_msgSig][_grant].inFavor instead of true.

Remediation

This issue has been acknowledged by MetaLeX Labs, Inc, and a fix was implemented in commit ffdc5180↗.