Governor proposal creation may be blocked by frontrunning

[naddison36]

Open Zeppelin has issued the following security advisory:

• Governor proposal creation may be blocked by frontrunning

Affected packages: >=4.3.0 <4.9.1
Patched version: 4.9.1

Origin's ousd-governance repo is using OZ v4.6.0.
A modified versions of the OZ Governance contracts are being used.

Analysis needs to be done to see if the OZ change needs to be applied to the modified Origin governance contracts.

OpenZeppelin commit that addresses the issue: OpenZeppelin/openzeppelin-contracts@d947432

[sparrowDom]

Added the commit that addresses the issue to above description

[sparrowDom]

The analysis:
Our Governance contract that calls propose imports GovernorCompatibilityBravo. That one imports OZ's 4.6.0 Governor.

This means that our proposal creations could be front-run. Until we upgrade the contracts to 4.9.1 we are vulnerable to the attack.

[sparrowDom]

We will need to re-deploy the Governance contract: