
Function: createNewProposal(address account, Action[] payload)

Create a new proposal.

Inputs

  • account

    • Control: Controlled by the user, but the caller must be the account or a delegate of the account.

    • Constraints: The weight of the account (i.e., its voting power based on token holding) must meet or exceed the minCreateProposalWeight.

    • Impact: The account on whose behalf the proposal is created.

  • payload

    • Control: Controlled by the user.

    • Constraints: An array of action objects, each containing a target address and associated calldata. The array must not be empty.

    • Impact: Defines the series of actions that will be executed if the proposal is accepted.

Branches and code coverage (including function calls)

Intended branches

  • Successfully create a new proposal.

Negative behavior

  • Insufficient weight (less than minCreateProposalWeight).

  • Revert due to empty payload.

Function call analysis

  • createNewProposal -> getWeek()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? The return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • createNewProposal -> tokenLocker.getAccountWeightAt(account, week)

    • What is controllable? account.

    • If return value controllable, how is it used and how can it go wrong? The account might be able to create proposals when it should not be able to.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • createNewProposal -> tokenLocker.getTotalWeightAt(week)

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? It could affect the calculated requiredWeight.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

Zellic © 2025