code-423n4 / 2021-08-yield-findings

improve separation of concerns in TimeLock #4

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

gpersoon

Vulnerability details

Impact

The execute function of TimeLock.sol could in theory be used to give the scheduler or executor extra rights. This would require some collusion between the scheduler or executor, or the executor to be careless in verifying the actions.

If you want to improve the separation of concerns, you could prevent this in AccessControl.sol.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

Recommended Mitigation Steps

Add functionality in AccessControl.sol to define roles that may not be combined. Enforce this separation of roles in the function _grantRole and _setRoleAdmin.
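A sketch of the recommended mitigation, added here as an illustration and not taken from the report or from the project's AccessControl.sol. The contract name, `setExclusive`, the storage layout and the rule applied in `_setRoleAdmin` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the project's AccessControl.sol; all names are hypothetical.
contract ExclusiveRoles {
    bytes4 public constant ROOT = 0x00000000;

    mapping(bytes4 => mapping(address => bool)) public hasRole;
    mapping(bytes4 => bytes4) public adminOf;        // unset roles are administered by ROOT
    mapping(bytes4 => bytes4[]) private _conflicts;  // roles that may not be combined

    constructor() {
        hasRole[ROOT][msg.sender] = true;
    }

    modifier onlyAdminOf(bytes4 role) {
        require(hasRole[adminOf[role]][msg.sender], "not admin");
        _;
    }

    // Declare a and b mutually exclusive. Existing members are not re-checked,
    // so conflicts should be declared before the roles are handed out.
    function setExclusive(bytes4 a, bytes4 b) external {
        require(hasRole[ROOT][msg.sender], "not root");
        require(a != b, "same role");
        _conflicts[a].push(b);
        _conflicts[b].push(a);
    }

    function grantRole(bytes4 role, address account) external onlyAdminOf(role) {
        _grantRole(role, account);
    }

    function setRoleAdmin(bytes4 role, bytes4 adminRole) external onlyAdminOf(role) {
        _setRoleAdmin(role, adminRole);
    }

    // Refuse the grant when the account already holds a conflicting role.
    function _grantRole(bytes4 role, address account) internal {
        bytes4[] storage c = _conflicts[role];
        for (uint256 i = 0; i < c.length; i++) {
            require(!hasRole[c[i]][account], "conflicting role held");
        }
        hasRole[role][account] = true;
    }

    // Assumption: a role must not be administered by a role it conflicts with.
    function _setRoleAdmin(bytes4 role, bytes4 adminRole) internal {
        bytes4[] storage c = _conflicts[role];
        for (uint256 i = 0; i < c.length; i++) {
            require(c[i] != adminRole, "admin conflicts with role");
        }
        adminOf[role] = adminRole;
    }
}
```

The check is per address, so it cannot tell when one party controls two addresses.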

alcueca commented 3 years ago

As with #2, the separation of concerns is a feature, not a requirement.

Combined, planner and scheduler have ROOT access. Any on-chain enforcement could be bypassed off-chain and would give a false sense of security.

ghoul-sol commented 3 years ago

per sponsor comment, invalid