Owners can never be removed

The intention of setOwners() is to replace the current set of owners with a new set of owners. However, the isOwner mapping is never updated, which means any address that was ever considered an owner is permanently considered an owner for purposes of signing transactions.

In setOwners(), before adding new owners, loop through the current set of owners and clear their isOwner booleans.
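
The flawed update and the recommended fix side by side, as an added Solidity example that is not the audited Paxos code. The contract name OwnerSet, the owners array and both internal function names are hypothetical, and caller authorization is assumed to be enforced by the public setOwners() wrapper.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; hypothetical contract, not the audited code.
abstract contract OwnerSet {
    address[] internal owners;               // current owner list (assumed layout)
    mapping(address => bool) public isOwner; // consulted when checking signers

    // Flawed pattern described in the finding: the list is replaced, but
    // the old isOwner flags stay true, so removed owners can still sign.
    function _setOwnersFlawed(address[] memory newOwners) internal {
        owners = newOwners;
        for (uint256 i = 0; i < newOwners.length; i++) {
            isOwner[newOwners[i]] = true;
        }
    }

    // Recommended pattern: clear every current owner's flag first,
    // then register the new set.
    function _setOwnersFixed(address[] memory newOwners) internal {
        for (uint256 i = 0; i < owners.length; i++) {
            isOwner[owners[i]] = false;
        }
        delete owners;
        for (uint256 i = 0; i < newOwners.length; i++) {
            address o = newOwners[i];
            // Extra hygiene checks, not part of the finding itself.
            require(o != address(0), "zero owner");
            require(!isOwner[o], "duplicate owner");
            isOwner[o] = true;
            owners.push(o);
        }
    }
}
```

A regression test for the fix should replace the owner set and then assert that isOwner returns false for every address from the previous set that is not in the new one.
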
- ConsenSys Audit Paxos Finding 3.1
- Access Control
- Stale Privileges
- Old Owners Never Removed
- Remove Old Owners
- Add New Owners
- Youtube Reference
- Critical finding in ConsenSys's Audit of Paxos