Skip to content

Get Actions Validation#

Informational

In Governor.sol the getActions function does not validate that the proposal id is valid, and will typically just return zero bytes for targets, values and calldatas.

function getActions(uint256 proposalId)
    external
    view
    returns (
        address[] memory targets,
        uint256[] memory values,
        bytes[] memory calldatas
    )
{
    Proposal storage p = proposals[proposalId];
    return (p.targets, p.values, p.calldatas);
}

Recommendation#

Revert if the proposalId is invalid when getActions is called.

require(proposalCount >= proposalId && proposalId != 0, "Invalid proposal Id");