Context
- I was able to submit a treasury proposal without specifying a reward address and amount, which are mandatory fields for a valid proposal.
Steps to Reproduce:
- Generate a wallet, dRep, and stake key.
- Load the wallet with funds.
- Register the stake and dRep.
- Attempt to create a treasury proposal without providing a reward address and amount:
gov-cli propose create-treasury-withdrawal --anchor-url https://raw.githubusercontent.com/Ryun1/metadata/main/cip108/treasury-withdrawal.jsonld --anchor-data-hash 154ac6b0da5a4c6b185e9b12d89427bf13ca9f4703fe0a5118151a6832229b4a
Logs:
> cardano-cli conway query gov-state --socket-path /home/niraj/.cardano/sancho/node.socket --testnet-magic=4
> cardano-cli conway governance action create-treasury-withdrawal --anchor-url https://raw.githubusercontent.com/Ryun1/metadata/main/cip108/treasury-withdrawal.jsonld --anchor-data-hash 154ac6b0da5a4c6b185e9b12d89427bf13ca9f4703fe0a5118151a6832229b4a --governance-action-deposit 100000000000 --deposit-return-stake-verification-key-file /home/niraj/.cardano/keys/stake.vkey --out-file create-treasury-withdrawal.proposal --testnet --constitution-script-hash edcd84c10e36ae810dc50847477083069db796219b39ccde790484e0
> cardano-cli query utxo --address addr_test1qq7rypzjfl4ydy62t9e9e6tkhwul99d2u9q2c9paqrywacemmw9rfes5q4g8uqep2ydlftaulfq23tv8l9c39fthw9zsm60shz --out-file /home/niraj/.cardano/keys/utxo.json --socket-path /home/niraj/.cardano/sancho/node.socket --testnet-magic=4
> cardano-cli conway transaction build --proposal-file create-treasury-withdrawal.proposal --proposal-script-file /home/niraj/.cardano/keys/guardrails-script.plutus --proposal-redeemer-value {} --tx-in-collateral a4749ccac547b98840f0970f4157bc58f0918713e35899845192536cbe8a5d02#0 --tx-in a4749ccac547b98840f0970f4157bc58f0918713e35899845192536cbe8a5d02#0 --tx-in a75808079882522af7b596fcc2431d83127b7e0922adc61dc1ecdcdf5ed48771#0 --out-file /home/niraj/.cardano/keys/propose-gov-action-create-treasury-withdrawal_tx.raw --change-address addr_test1qq7rypzjfl4ydy62t9e9e6tkhwul99d2u9q2c9paqrywacemmw9rfes5q4g8uqep2ydlftaulfq23tv8l9c39fthw9zsm60shz --socket-path /home/niraj/.cardano/sancho/node.socket --testnet-magic=4
> cardano-cli conway transaction sign --tx-body-file /home/niraj/.cardano/keys/propose-gov-action-create-treasury-withdrawal_tx.raw --signing-key-file /home/niraj/.cardano/keys/payment.skey --out-file /home/niraj/.cardano/keys/propose-gov-action-create-treasury-withdrawal_signed_tx.json
> cardano-cli conway transaction submit --tx-file /home/niraj/.cardano/keys/propose-gov-action-create-treasury-withdrawal_signed_tx.json --socket-path /home/niraj/.cardano/sancho/node.socket --testnet-magic=4
> cardano-cli transaction txid --tx-file /home/niraj/.cardano/keys/propose-gov-action-create-treasury-withdrawal_tx.raw
Transaction submitted : 6d84c9cbd85257226488871b5ea7aae19f2c34f3b3e562b4856527f0bd31dbbc
GovAction Id : 6d84c9cbd85257226488871b5ea7aae19f2c34f3b3e562b4856527f0bd31dbbc#0Issue:
The CLI allows the submission of a treasury proposal without specifying a reward address and amount, which should be mandatory fields. This could lead to invalid proposals being processed.
Governance action on govtool: https://govtool.cardanoapi.io/connected/governance_actions/6d84c9cbd85257226488871b5ea7aae19f2c34f3b3e562b4856527f0bd31dbbc#0
Context
Steps to Reproduce:
Logs:
Issue:
The CLI allows the submission of a treasury proposal without specifying a reward address and amount, which should be mandatory fields. This could lead to invalid proposals being processed.
Governance action on govtool: https://govtool.cardanoapi.io/connected/governance_actions/6d84c9cbd85257226488871b5ea7aae19f2c34f3b3e562b4856527f0bd31dbbc#0