Assessment reports>Prisma Finance>Threat Models>voteForProposal

Function: voteForProposal(address account, uint256 id, uint256 weight)

Vote in favor of a proposal.

Inputs

  • account

    • Control Controlled by the user, but the caller must be the account or a delegate of the account.

    • Constraints N/A.

    • Impact The account is used to determine the weight the account has for voting (based on the token holdings) and to ensure each account can only vote once for a proposal.

  • id

    • Control Controlled by the user.

    • Constraints Should be a valid exist ID.

    • Impact The ID is used to identify the proposal that is being voted on and to store the weight of the vote in the accountVoteWeights mapping.

  • weight

    • Control Controlled by the user.

    • Constraints N/A.

    • Impact The weight is used to influence the outcome of the proposal by increasing the currentWeight of the proposal by the specified weight.

Branches and code coverage (including function calls)

Intended branches

  • Successfully vote for a proposal and the vote weight updates correctly.

Negative behavior

  • Invalid proposal ID.

  • Vote for a proposal that has been already voted.

  • Vote for a proposal that has been already processed.

  • Vote on a proposal after the voting period has closed.

Function call analysis

  • voteForProposal -> tokenLocker.getAccountWeightAt(account, proposal.week)

    • What is controllable? account.

    • If return value controllable, how is it used and how can it go wrong? It might be able to create proposals when it should not be able to.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑