code-423n4 / 2023-12-revolutionprotocol-findings


Tighten Admin Access Control #693

Closed c4-bot-1 closed 10 months ago

c4-bot-1 commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-12-revolutionprotocol/blob/main/packages/revolution/src/CultureIndex.sol#L519

Vulnerability details

Admin functions do not use a custom admin role and rely only on owner access control.

Recommendation: Implement a custom admin role.

// Custom admin role instead of owner. Assumes OpenZeppelin AccessControl,
// whose onlyRole modifier takes a bytes32 role id, so the role is a
// keccak256 constant rather than an enum member.
bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");

// Restrict the drop function to holders of the admin role
function dropTopVotedPiece() external onlyRole(ADMIN_ROLE) {
    // Logic
}

Assessed type

Access Control
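As an added illustration of the recommendation (not code from this report or from Revolution Protocol's CultureIndex), a hypothetical contract that separates the drop privilege from configuration using OpenZeppelin AccessControl; the role names `DROPPER_ROLE` and `CONFIG_ROLE`, the `quorumVotesBPS` setter and the placeholder drop logic are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

/// Hypothetical sketch, not the real CultureIndex. Instead of a single
/// owner holding every privilege, each operational capability gets its own
/// role so a leaked key for one role cannot exercise the others.
contract CultureIndexRoles is AccessControl {
    // May only drop the top-voted piece.
    bytes32 public constant DROPPER_ROLE = keccak256("DROPPER_ROLE");
    // May only change voting parameters.
    bytes32 public constant CONFIG_ROLE = keccak256("CONFIG_ROLE");

    uint256 public quorumVotesBPS;   // assumed parameter name
    uint256 public droppedPieces;    // constructed stand-in for real drop state

    event PieceDropped(address indexed by, uint256 count);

    constructor(address admin, address dropper) {
        // DEFAULT_ADMIN_ROLE administers the other roles (grant/revoke) but
        // does not itself drop pieces; the dropper key cannot reconfigure.
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(CONFIG_ROLE, admin);
        _grantRole(DROPPER_ROLE, dropper);
    }

    // Reverts for any caller without DROPPER_ROLE, including the admin.
    function dropTopVotedPiece() external onlyRole(DROPPER_ROLE) returns (uint256) {
        droppedPieces += 1; // placeholder for selecting and removing the piece
        emit PieceDropped(msg.sender, droppedPieces);
        return droppedPieces;
    }

    // Reverts for any caller without CONFIG_ROLE, including the dropper.
    function setQuorumVotesBPS(uint256 bps) external onlyRole(CONFIG_ROLE) {
        require(bps <= 10_000, "bps exceeds 100%");
        quorumVotesBPS = bps;
    }
}
```

Revoking `DROPPER_ROLE` with `revokeRole` from the admin account is enough to cut off a compromised dropper key without touching ownership or configuration.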

c4-pre-sort commented 10 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 10 months ago

raymondfam marked the issue as duplicate of #686

c4-judge commented 9 months ago

MarioPoneder marked the issue as unsatisfactory: Insufficient quality