Closed c4-bot-4 closed 5 months ago
0xSorryNotSorry marked the issue as insufficient quality report
0xSorryNotSorry marked the issue as remove high or low quality report
0xSorryNotSorry marked the issue as sufficient quality report
0xSorryNotSorry marked the issue as duplicate of #1253
Invalid. I don't see any relation between the multisig and the address alias in this case. The address alias on Arbitrum is used to obtain the address of the sender on L1, while the GUARDIAN role is an Arbitrum address that can execute the pause operation.
Trumpero marked the issue as not a duplicate
Trumpero marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/governance/GuildGovernor.sol#L110-L117
Vulnerability details
Impact
Functions with the
onlyCoreRole(CoreRoles.GUARDIAN)
modifier may become unavailable if the sequencer is down. This issue arises due to the interaction of theGUARDIAN
role, which is operated by a multisig, with Arbitrum's address aliasing feature.While it is possible for Externally Owned Accounts (EOAs) to avoid address aliasing on transactions submitted to Arbitrum's delayed inbox, the multisig address will still be aliased when interacting with the L2. As a result, the multisig may not be able to pause the protocol, especially during a network outage. This could potentially leave the protocol and its users unprotected in such scenarios.
The affected functions are
pause()
andunpause()
inCoreRef.sol
, andguardianCancel()
inGuildGovernor.sol
.https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/governance/GuildGovernor.sol#L110-L117 https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/core/CoreRef.sol#L57-L64
Proof of Concept
Consider a scenario where the network is experiencing an outage. In this situation, the
GUARDIAN
role, operated by a multisig, attempts to pause the protocol by calling thepause()
function. However, due to Arbitrum's address aliasing, the multisig's address is aliased, and the call topause()
fails, leaving the protocol and its users exposed.Tools Used
Manual review
Recommended Mitigation Steps
Check for aliased addresses in the
onlyCoreRole
modifier as recommended in the Arbitrum documentation.Assessed type
Other