search

code-423n4 / 2023-05-base-findings

1 stars 0 forks source link

Upgraded Q -> 2 from #112 [1686922871117] #135

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #112 as 2 risk. The relevant finding follows:

Issue Instances
M-1 Centralization Risk for trusted owners 19

[M-1] Centralization Risk for trusted owners

Impact:

Contracts have owners with privileged rights to perform admin tasks and need to be trusted to not perform malicious updates or drain funds.

Instances (19):

File: contracts/L1/messaging/L1CrossDomainMessenger.sol

90:         __Context_init_unchained(); // Context is a dependency for both Ownable and Pausable

99:     function pause() external onlyOwner {

107:     function blockMessage(bytes32 _xDomainCalldataHash) external onlyOwner {

116:     function allowMessage(bytes32 _xDomainCalldataHash) external onlyOwner {

File: contracts/L1/rollup/ChainStorageContainer.sol

71:     function setGlobalMetadata(bytes27 _globalMetadata) public onlyOwner {

95:     function push(bytes32 _object) public onlyOwner {

103:     function push(bytes32 _object, bytes27 _globalMetadata) public onlyOwner {

119:     function deleteElementsAfterInclusive(uint256 _index) public onlyOwner {

File: contracts/L2/predeploys/OVM_DeployerWhitelist.sol

49:     function setWhitelistedDeployer(address _deployer, bool _isWhitelisted) external onlyOwner {

59:     function setOwner(address _owner) public onlyOwner {

75:     function enableArbitraryContractDeployment() external onlyOwner {

File: contracts/L2/predeploys/OVM_GasPriceOracle.sol

5: import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";

18: contract OVM_GasPriceOracle is Ownable {

41:     constructor(address _owner) Ownable() {

64:     function setGasPrice(uint256 _gasPrice) public onlyOwner {

74:     function setL1BaseFee(uint256 _baseFee) public onlyOwner {

84:     function setOverhead(uint256 _overhead) public onlyOwner {

94:     function setScalar(uint256 _scalar) public onlyOwner {

104:     function setDecimals(uint256 _decimals) public onlyOwner {
c4-judge commented 1 year ago

0xleastwood marked the issue as duplicate of #93

c4-judge commented 1 year ago

0xleastwood marked the issue as satisfactory

c4-judge commented 1 year ago

0xleastwood marked the issue as unsatisfactory: Invalid