SamSteinGG
commented
2 years ago The modifier works as expected as it ensures that the set components function has been invoked which in turn transfers ownership to the DAO.
Closed code423n4 closed 2 years ago
SamSteinGG
commented
2 years ago The modifier works as expected as it ensures that the set components function has been invoked which in turn transfers ownership to the DAO.
alcueca
commented
2 years ago Dispute accepted
Handle
hyh
Vulnerability details
Impact
Incorrect access rights structure poses a centralization risk and can lead to various malicious owner type of attacks.
Proof of Concept
Currently affected:
Vader:
claimGrant, https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/Vader.sol#L200
adjustMaxSupply, https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/Vader.sol#L217
VaderPoolFactory:
toggleQueue, https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex/pool/VaderPoolFactory.sol#L117
Recommended Mitigation Steps
It's possible to implement DAO as a variable and initially set it to coincide with Owner, and allow one time reset to a new, appropriate DAO contract. Current implementation doesn't allow this, hard coding DAO to be current Owner.