Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setAdmin should be a two-step process. Potential locking of critical contract's functions #348

Open
code423n4 opened this issue Sep 23, 2022 · 2 comments
Open

setAdmin should be a two-step process. Potential locking of critical contract's functions #348

code423n4 opened this issue Sep 23, 2022 · 2 comments
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-09-vtvl/blob/f68b7f3e61/contracts/AccessProtected.sol#L39

Vulnerability details

Impact

If a wrong/invalid address is given when calling setAdmin, some contract's functions could be lost access. While setAdmin checks for zero address, there is no validation of the new address being correct.

Also, there is no validation that the contract has at least one admin.

The design of the setAdmin function can block the contract's functions forever, so functions like "createClaim", "createClaimsBatch", "withdrawAdmin", "revokeClaim", "withdrawOtherToken", "setAdmin", "mint" would be locked.

contracts/AccessProtected.sol#L39    function setAdmin(address admin, bool isEnabled) public onlyAdmin {

Proof of Concept

  • Alice, the admin, executes setAdmin to an address which is accidentally invalid.
setAdmin(invalid_address, True)
  • Alice, who is giving up being admin, will invalidate her own access.
setAdmin(alice_address, False)
  • Now, nobody has access to critical functions.

Tools used

VisualStudio Code

Recommended Mitigation Steps

Change the single-step admin assignation to a two-step process where the current Admin first approves a new address as a pendingAdmin. That pendingAdmin has to then claim the ownership in a separate transaction. An incorrectly set pendingAdmin can be reset by changing it again to the correct one who can then successfully claim it in the second step.

Also, in the admin assignation process make sure that the contract has at least one admin.
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Sep 23, 2022
code423n4 added a commit that referenced this issue Sep 23, 2022
@code423n4
0xbepresent issue #348
17a5345
@0xean
Copy link
Collaborator

0xean commented Sep 23, 2022

2 step process should be QA, but will mark as a duplicate of #469 re: the check to ensure the final admin doesn't remove themselves.

@0xean 0xean closed this as completed Sep 23, 2022
@0xean 0xean added QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Oct 9, 2022
@0xean
Copy link
Collaborator

0xean commented Oct 9, 2022

downgrading to QA per #496.

@0xean 0xean reopened this Oct 9, 2022
@trust1995 trust1995 mentioned this issue Oct 17, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@0xean @code423n4