
# Quiz

{% embed url="<https://ventral.digital/posts/2021/11/28/secureum-bootcamp-audit-findings-101-quiz>" %}
Slot 7 Quiz
{% endembed %}

**Note:** All 8 questions in this quiz are based on the InSecureumDAO contract snippet shown below; the same snippet applies to every question.

The InSecureumDAO contract snippet illustrates some basic functionality of a Decentralized Autonomous Organization (DAO) which includes the opening of the DAO for memberships, allowing users to join as members by depositing a membership fee, creating proposals for voting, casting votes, etc. Assume that all other functionality (that is not shown or represented by ...) is implemented correctly.

```solidity
pragma solidity 0.8.4;
import 'https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/ReentrancyGuard.sol';
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/Pausable.sol";

contract InSecureumDAO is Pausable, ReentrancyGuard {
    
    // Assume that all functionality represented by ... below is implemented as expected
     
    address public admin;
    mapping (address => bool) public members;
    mapping (uint256 => uint8[]) public votes;
    mapping (uint256 => uint8) public winningOutcome;
    uint256 memberCount = 0;
    uint256 membershipFee = 1000;
     
    modifier onlyWhenOpen() {
        require(address(this).balance > 0, 'InSecureumDAO: This DAO is closed');
        _;
    }

    modifier onlyAdmin() {
        require(msg.sender == admin);
        _;
    }

    modifier voteExists(uint256 _voteId) {
        // Assume this correctly checks if _voteId is present in votes
        ...
        _;
    }
    
    constructor (address _admin) {
        require(_admin == address(0));
        admin = _admin;
    }
  
    function openDAO() external payable onlyAdmin {
        // Admin is expected to open DAO by making a notional deposit
        ...
    }

    function join() external payable onlyWhenOpen nonReentrant {
        require(msg.value == membershipFee, 'InSecureumDAO: Incorrect ETH amount');
        members[msg.sender] = true;
        ...
    }

    function createVote(uint256 _voteId, uint8[] memory _possibleOutcomes) external onlyWhenOpen whenNotPaused {
        votes[_voteId] = _possibleOutcomes;
        ...
    }

    function castVote(uint256 _voteId, uint8 _vote) external voteExists(_voteId) onlyWhenOpen whenNotPaused {
        ...
    }

    function getWinningOutcome(uint256 _voteId) public view returns (uint8) {
        // Anyone is allowed to view winning outcome
        ...
        return(winningOutcome[_voteId]);
    }
  
    function setMembershipFee(uint256 _fee) external onlyAdmin {
        membershipFee = _fee;
    }
  
    function removeAllMembers() external onlyAdmin {
        delete members[msg.sender];
    }  
}
```

***

**Q1 Based on the comments and code shown in the InSecureumDAO snippet** :white\_check\_mark:

* [x] A) DAO is meant to be opened only by the admin by making an Ether deposit to the contract -> `openDAO()`
* [x] B) DAO can be opened by anyone by making an Ether deposit to the contract -> Ether can be force-sent into the contract via `selfdestruct()`
* [x] C) DAO requires an exact payment of membershipFee to join the DAO -> `require(msg.value == membershipFee)`
* [ ] D) None of the above

**Comment:**

While the payable `openDAO()` function is protected by the correctly implemented `onlyAdmin` modifier, it is always possible to force-send Ether into a contract via `selfdestruct()`. The `onlyWhenOpen()` modifier only checks the contract's own balance, so such a forced transfer bypasses it and "opens" the DAO without the admin ever calling `openDAO()`. The payable `join()` function does check that `msg.value` exactly matches `membershipFee`.

**Q2 Based on the code shown in the InSecureumDAO snippet** :white\_check\_mark:

* [ ] A) Guarded launch via circuit breakers has been implemented correctly for all state modifying functions -> `onlyWhenOpen()` can be bypassed if an attacker force-sends Ether via `selfdestruct()`
* [ ] B) Zero-address check(s) has/have been implemented correctly -> `require(_admin == address(0))` is inverted; it rejects every non-zero admin
* [ ] C) All critical privileged-role functions have events emitted -> No events emitted whatsoever
* [x] D) None of the above

**Q3 Reentrancy protection only on join() (assume it’s correctly specified) indicates that** :white\_check\_mark:

* [ ] A) Only payable functions require this protection because of handling msg.value
* [x] B) join() likely makes untrusted external call(s) but not the other contract functions
* [ ] C) Both A and B
* [ ] D) Neither A nor B

**Q4 Access control on msg.sender for DAO membership is required in** :white\_check\_mark:

* [x] A) createVote() to prevent non-members from creating votes
* [x] B) castVote() to prevent non-members from casting votes
* [ ] C) getWinningOutcome() to prevent non-members from viewing winning outcomes
* [ ] D) None of the above

**Q5 A commit/reveal scheme (a cryptographic primitive that allows one to commit to a chosen value while keeping it hidden from others, with the ability to reveal the committed value later) is relevant for** :white\_check\_mark:

* [ ] A) join() to not disclose msg.sender while joining the DAO
* [ ] B) createVote() to not disclose the possible outcomes during creation
* [x] C) castVote() to not disclose the vote being cast
* [ ] D) All the above

**Q6 Security concern(s) from missing input validation(s) is/are present in** :white\_check\_mark:

* [x] A) createVote() for duplicate `_voteId`
* [ ] B) castVote() for existing `_voteId`
* [ ] C) getWinningOutcome() for existing `_voteId`
* [x] D) setMembershipFee() for sanity/threshold checks on `_fee`

**Q7 removeAllMembers() function** :white\_check\_mark:

* [x] A) Will not work as expected to remove all the members from the DAO
* [ ] B) Will work as expected to remove all the members from the DAO
* [x] C) Is a critical function missing an event emission
* [ ] D) None of the above

**Q8 InSecureumDAO will not be susceptible to something like the 2016 “DAO exploit”** :white\_check\_mark:

* [ ] A) Because it derives from ReentrancyGuard.sol which protects all contract functions by default
* [x] B) Only if it does not have a withdraw Ether function vulnerable to reentrancy and makes no external calls
* [ ] C) Because Ethereum protocol was fixed after the DAO exploit to prevent such exploits
* [ ] D) Because Solidity language was fixed after the DAO exploit to prevent such exploits
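As an added example (not part of the quiz or the Secureum material), the sketch below rewrites the snippet to address the findings behind Q1, Q2, Q4, Q6 and Q7: an explicit `open` flag instead of a balance check, a corrected zero-address check, member-only voting, duplicate/empty vote validation, fee bounds, events on privileged actions, and an epoch counter so `removeAllMembers()` actually removes everyone. The OpenZeppelin import paths and the `MAX_FEE` bound are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.4;
// Hardened sketch (added example, not the quiz's contract); OpenZeppelin import paths assumed.
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import "@openzeppelin/contracts/security/Pausable.sol";

contract HardenedDAO is Pausable, ReentrancyGuard {
    address public admin;
    bool public open;                // explicit flag instead of a balance check (Q1/Q2)
    uint256 public membershipEpoch;  // bumping it invalidates every membership at once (Q7)
    mapping(uint256 => mapping(address => bool)) private _members;
    mapping(uint256 => uint8[]) public votes;
    uint256 public membershipFee = 1000;
    uint256 public constant MAX_FEE = 1 ether;  // assumed upper bound for the fee (Q6)

    event DAOOpened(address indexed admin, uint256 deposit);
    event MembershipFeeSet(uint256 oldFee, uint256 newFee);
    event AllMembersRemoved(uint256 newEpoch);

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }
    modifier onlyWhenOpen() { require(open, "DAO closed"); _; }
    modifier onlyMember() { require(isMember(msg.sender), "not a member"); _; }  // Q4
    constructor(address _admin) {
        require(_admin != address(0), "zero admin");  // corrected zero-address check (Q2)
        admin = _admin;
    }
    function isMember(address a) public view returns (bool) { return _members[membershipEpoch][a]; }

    function openDAO() external payable onlyAdmin {
        open = true;  // Ether forced in via selfdestruct() no longer counts as "open"
        emit DAOOpened(msg.sender, msg.value);
    }
    function join() external payable onlyWhenOpen nonReentrant {
        require(msg.value == membershipFee, "incorrect fee");
        _members[membershipEpoch][msg.sender] = true;
    }
    function createVote(uint256 id, uint8[] memory outcomes) external onlyWhenOpen whenNotPaused onlyMember {
        require(outcomes.length > 0 && votes[id].length == 0, "empty or duplicate vote");  // Q6
        votes[id] = outcomes;
    }
    function setMembershipFee(uint256 fee) external onlyAdmin {
        require(fee > 0 && fee <= MAX_FEE, "fee out of range");  // Q6
        emit MembershipFeeSet(membershipFee, fee);
        membershipFee = fee;
    }
    function removeAllMembers() external onlyAdmin {
        membershipEpoch += 1;  // O(1) mass removal; the original only deleted msg.sender (Q7)
        emit AllMembersRemoved(membershipEpoch);
    }
}
```

Keeping `nonReentrant` on `join()` only is consistent with Q3 and Q8: the guard matters where external calls happen, and a contract that never calls out and has no Ether-withdrawal path has no reentrancy surface to protect.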