Closed c4-bot-2 closed 10 months ago
141345 marked the issue as sufficient quality report
141345 marked the issue as primary issue
executor can change admin not sure if it is by design
Alec1017 (sponsor) disputed
This is expected behavior of the protocol
The warden doesn't show any proof that this is not by design with the exception of stating
The name admin implies that it has a higher level of privilege
which is of course not explicit and just an interpretation of a name. Given that the executor has many broad privileges besides modifying the admin I think its likely this is intended and without further evidence will mark as QA since it could be better documented.
0xean changed the severity to QA (Quality Assurance)
0xean marked the issue as grade-c
Lines of code
https://github.com/re-nft/smart-contracts/blob/3ddd32455a849c3c6dc3c3aad7a33a6c9b44c291/src/Kernel.sol#L236-L245
Vulnerability details
Impact
The executor and admin are defined as two separate roles with separate permissions. The name admin implies that it has a higher level of privilege but since the executor can change the admin address, it also has admin permissions.
Proof of Concept
According to the
Kernel
constructor docstring the\_executor
is in change of handling executions and the\_admin
is in charge of granting/revoking roles.https://github.com/re-nft/smart-contracts/blob/3ddd32455a849c3c6dc3c3aad7a33a6c9b44c291/src/Kernel.sol#L236-L245
On the contrary, the
\_executor
is also able to change the\_admin
address, also giving it the ability to grant/revoke roleshttps://github.com/re-nft/smart-contracts/blob/3ddd32455a849c3c6dc3c3aad7a33a6c9b44c291/src/Kernel.sol#L277-L302
Tools Used
Manual Review
Recommended Mitigation Steps
Consider removing this privilege from the executor.
Assessed type
Access Control