The vulnerabilities that I have identified could have a significant impact on the Axelar network. These vulnerabilities could be exploited by an attacker to:
Gain control of the Axelar network by proposing and voting on malicious proposals.
Mint or burn tokens in an unauthorized manner, which could have a significant impact on the value of the token.
Replace the TokenManager contract with a malicious contract, which would allow them to mint or burn tokens in an unauthorized manner.
Proof of Concept
The proof of concept for each vulnerability is as follows:
AxelarServiceGovernance.sol
The contract does not have any checks to prevent an attacker from proposing a malicious proposal. This can be demonstrated by proposing a malicious proposal that would give the attacker control of the Axelar network.
The contract does not have any checks to prevent an attacker from voting on a malicious proposal. This can be demonstrated by voting on a malicious proposal that would give the attacker control of the Axelar network.
MultisigBase.sol
The contract does not have any checks to prevent an attacker from adding malicious signers to the multisig. This can be demonstrated by adding a malicious signer to the multisig, giving the attacker control of the multisig.
The contract does not have any checks to prevent an attacker from removing authorized signers from the multisig. This can be demonstrated by removing an authorized signer from the multisig, giving the attacker control of the multisig.
Multisig.sol
The contract does not have any checks to prevent an attacker from submitting a transaction with invalid signatures. This can be demonstrated by submitting a transaction with invalid signatures, which would be approved by the multisig.
InterchainToken.sol
The contract does not have any checks to prevent an attacker from minting or burning tokens in an unauthorized manner. This can be demonstrated by minting or burning tokens in an unauthorized manner, which could have a significant impact on the value of the token.
TokenManagerProxy.sol
The contract does not have any checks to prevent an attacker from replacing the TokenManager contract with a malicious contract. This can be demonstrated by replacing the TokenManager contract with a malicious contract, which would allow the attacker to mint or burn tokens in an unauthorized manner.
Tools Used
The tools that I used to identify these vulnerabilities include:
Solidity
Remix IDE
Etherscan
Recommended Mitigation Steps
The following mitigation steps can be taken to address the vulnerabilities that I have identified:
Add checks to the contracts to prevent attackers from proposing malicious proposals, voting on malicious proposals, adding malicious signers to the multisig, removing authorized signers from the multisig, submitting transactions with invalid signatures, minting or burning tokens in an unauthorized manner, or replacing the TokenManager contract with a malicious contract.
Use a secure coding methodology to develop the contracts.
Conduct regular security audits of the contracts.
Deploy the contracts on a secure network.
Lines of code
https://github.com/code-423n4/2023-07-axelar/tree/main/contracts/cgp/governance/AxelarServiceGovernance.sol#L73
Vulnerability details
Impact
The vulnerabilities that I have identified could have a significant impact on the Axelar network. These vulnerabilities could be exploited by an attacker to:
Gain control of the Axelar network by proposing and voting on malicious proposals. Mint or burn tokens in an unauthorized manner, which could have a significant impact on the value of the token. Replace the TokenManager contract with a malicious contract, which would allow them to mint or burn tokens in an unauthorized manner.
Proof of Concept
The proof of concept for each vulnerability is as follows:
AxelarServiceGovernance.sol The contract does not have any checks to prevent an attacker from proposing a malicious proposal. This can be demonstrated by proposing a malicious proposal that would give the attacker control of the Axelar network. The contract does not have any checks to prevent an attacker from voting on a malicious proposal. This can be demonstrated by voting on a malicious proposal that would give the attacker control of the Axelar network. MultisigBase.sol The contract does not have any checks to prevent an attacker from adding malicious signers to the multisig. This can be demonstrated by adding a malicious signer to the multisig, giving the attacker control of the multisig. The contract does not have any checks to prevent an attacker from removing authorized signers from the multisig. This can be demonstrated by removing an authorized signer from the multisig, giving the attacker control of the multisig. Multisig.sol The contract does not have any checks to prevent an attacker from submitting a transaction with invalid signatures. This can be demonstrated by submitting a transaction with invalid signatures, which would be approved by the multisig. InterchainToken.sol The contract does not have any checks to prevent an attacker from minting or burning tokens in an unauthorized manner. This can be demonstrated by minting or burning tokens in an unauthorized manner, which could have a significant impact on the value of the token. TokenManagerProxy.sol The contract does not have any checks to prevent an attacker from replacing the TokenManager contract with a malicious contract. This can be demonstrated by replacing the TokenManager contract with a malicious contract, which would allow the attacker to mint or burn tokens in an unauthorized manner.
Tools Used
The tools that I used to identify these vulnerabilities include:
Solidity Remix IDE Etherscan
Recommended Mitigation Steps
The following mitigation steps can be taken to address the vulnerabilities that I have identified:
Add checks to the contracts to prevent attackers from proposing malicious proposals, voting on malicious proposals, adding malicious signers to the multisig, removing authorized signers from the multisig, submitting transactions with invalid signatures, minting or burning tokens in an unauthorized manner, or replacing the TokenManager contract with a malicious contract. Use a secure coding methodology to develop the contracts. Conduct regular security audits of the contracts. Deploy the contracts on a secure network.
Assessed type
Access Control