Open code423n4 opened 1 year ago
141345 marked the issue as primary issue
can set back.
QA might be more appropriate.
PowVT marked the issue as sponsor acknowledged
setMinter and mint tokens will have very high custom thresholds when governance is released. The distributor contract will be owned by a multisig and require multiple sign offs.
PowVT marked the issue as disagree with severity
QA
0xean changed the severity to QA (Quality Assurance)
0xean marked the issue as grade-b
0xean marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2023-07-arcade/blob/f8ac4e7c4fdea559b73d9dd5606f618d4e6c73cd/contracts/token/ArcadeToken.sol#L132-L137 https://github.com/code-423n4/2023-07-arcade/blob/f8ac4e7c4fdea559b73d9dd5606f618d4e6c73cd/contracts/token/ArcadeTokenDistributor.sol#L73-L82 https://github.com/code-423n4/2023-07-arcade/blob/f8ac4e7c4fdea559b73d9dd5606f618d4e6c73cd/contracts/token/ArcadeTokenDistributor.sol#L89-L98 https://github.com/code-423n4/2023-07-arcade/blob/f8ac4e7c4fdea559b73d9dd5606f618d4e6c73cd/contracts/token/ArcadeTokenDistributor.sol#L105-L114 https://github.com/code-423n4/2023-07-arcade/blob/f8ac4e7c4fdea559b73d9dd5606f618d4e6c73cd/contracts/token/ArcadeTokenDistributor.sol#L121-L130 https://github.com/code-423n4/2023-07-arcade/blob/f8ac4e7c4fdea559b73d9dd5606f618d4e6c73cd/contracts/token/ArcadeTokenDistributor.sol#L138-L147 https://github.com/code-423n4/2023-07-arcade/blob/f8ac4e7c4fdea559b73d9dd5606f618d4e6c73cd/contracts/token/ArcadeTokenDistributor.sol#L155-L164
Vulnerability details
ArcadeToken::setMinter
should be a two-step process - any mistake when setting the minter may lead to minter set to an address with unknown private key and it won't be possible to mint new tokens. Recovery will also be impossible since new minter can be only set by the current minter.The two-step process would look like as follows:
setMinter
is called with some addressX
and a variable calledpendingMinter
, for example, will be set toX
X
would have to call a function calledbecomeMinter
(or some other, similar name), which would check ifX == msg.sender
and will change minter if that condition is satisfiedSuch a process is easy to implement and will prevent situations as the one described above, in the first paragraph.
Similar process should be implemented for the following functions from
ArcadeTokenDistributor
:toTreasury
toDevPartner
toCommunityRewards
toCommunityAirdrop
toTeamVesting
toPartnerVesting
If wrong address is supplied in any of these functions, entire
ArcadeToken
balance that should be distributed to some entity / group of people will be irrecoverably lost. Target address which is entitled to receiveArcadeTokens
should be able instead to call a functionArcadeTokenDistributor::claim
(or a function with a similar name), which would just transfer tokens tomsg.sender
if it is correct.Impact
ArcadeToken::minter
set to an address with unknown private key will result in inability to mint newArcadeToken
s - it clearly affects protocol functionality.Any mistake in the functions from
ArcadeTokenDistributor
enumerated above will result in a loss of funds.Since protocol functionality may be affected and money can be lost (hence the impact is severe) and the issue requires an external factor (wrong address has to be provided), I'm submitting it as Medium.
Proof of Concept
Consider the following scenarios:
ArcadeToken::minter
decides to set the new minter, but the wrong address is specified.ArcadeToken
s anymore.Or, the second one:
toTreasury
function is called with a wrong address.ArcadeToken
allocation for the treasury (25.5%
of initial distribution) will be irrecoverably lost.Tools Used
VS Code
Recommended Mitigation Steps
Implement two-step process in order to make sure that even when a wrong address is specified, it won't negatively affect the protocol.
Assessed type
Other