Open code423n4 opened 3 years ago
As with #2, the separation of concerns is a feature, not a requirement.
Combined, planner and scheduler have ROOT access. Any on-chain enforcement could be bypassed off-chain and would give a false sense of security.
per sponsor comment, invalid
Handle
gpersoon
Vulnerability details
Impact
The execute function of TimeLock.sol could in theory be used to give the scheduler or executor extra rights. This would require some collusion between the scheduler or executor, or the executor to be careless in verifying the actions.
If you want to improve the separation of concerns, you could prevent this in AccessControl.sol.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
Tools Used
Recommended Mitigation Steps
Add functionality in AccessControl.sol to define roles that may not be combined. Enforce this separation of roles in the function _grantRole and _setRoleAdmin.
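
A sketch of the recommended mitigation, added here as an example; it is not the audited AccessControl.sol or the sponsor's code. Only the names _grantRole and _setRoleAdmin come from the report. The bytes32 role ids, the _setExclusive helper, the storage layout and the RolesConflict error are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added sketch, not the audited contract. Everything except the names
// _grantRole and _setRoleAdmin is hypothetical.
abstract contract ExclusiveRoles {
    mapping(bytes32 => mapping(address => bool)) private _members;
    mapping(bytes32 => bytes32) private _roleAdmin;
    // _conflicts[r] lists the roles that may not be combined with r.
    mapping(bytes32 => bytes32[]) private _conflicts;

    error RolesConflict(bytes32 role, bytes32 conflicting);

    function hasRole(bytes32 role, address account) public view returns (bool) {
        return _members[role][account];
    }

    function getRoleAdmin(bytes32 role) public view returns (bytes32) {
        return _roleAdmin[role];
    }

    // Record the pair in both directions so either grant order is caught.
    // Existing holders are not re-checked, so call this before any grant.
    function _setExclusive(bytes32 a, bytes32 b) internal {
        require(a != b, "same role");
        _conflicts[a].push(b);
        _conflicts[b].push(a);
    }

    // Refuse the grant if the account already holds a conflicting role.
    function _grantRole(bytes32 role, address account) internal {
        bytes32[] storage banned = _conflicts[role];
        for (uint256 i = 0; i < banned.length; i++) {
            if (_members[banned[i]][account]) revert RolesConflict(role, banned[i]);
        }
        _members[role][account] = true;
    }

    // An admin of a role can grant that role, so a conflicting role
    // must not be allowed to administer it.
    function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal {
        bytes32[] storage banned = _conflicts[role];
        for (uint256 i = 0; i < banned.length; i++) {
            if (banned[i] == adminRole) revert RolesConflict(role, adminRole);
        }
        _roleAdmin[role] = adminRole;
    }
}
```

The check is per address, so it does not stop one party from holding the conflicting roles under two different addresses, which is the off-chain bypass the sponsor's comment refers to.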