This vulnerability was not resolved in the previous audit, despite being marked as fixed. This is M1 from audit/core/Renascence - Karak Core Audit Report.pdf.
An unregistered operator can call finalizeUpdateVaultStakeInDSS in Core.sol, which must only be callable by a registered operator.
Proof of Concept
This vulnerability was not resolved in the previous audit, despite being marked as fixed. This is M1 from audit/core/Renascence - Karak Core Audit Report.pdf
Tools Used
Manual Review
Recommended Mitigation Steps
If every DSS enforces its own access control, checking that the operator calling Core.finalizeUpdateVaultStakeInDSS() is registered with the DSS, then Core.finalizeUpdateVaultStakeInDSS() should set canFail = false to avoid recording an incorrect state in Core.sol. In the case where DSSs rely on Core.sol to perform an access control check on the operator, Core::finalizeUpdateVaultStakeInDSS() must have an onlyOperatorRegisteredToDSS modifier.
Lines of code
https://github.com/code-423n4/2024-07-karak/blob/f5e52fdcb4c20c4318d532a9f08f7876e9afb321/src/Core.sol#L146
Assessed type
Access Control
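The two options under Recommended Mitigation Steps, sketched as an added example (a simplified model, not Karak's Core.sol and not code from the report). Only finalizeUpdateVaultStakeInDSS, onlyOperatorRegisteredToDSS and canFail come from the report; the storage layout, the function signature, the hook interface and every other name are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical hook interface; the real DSS interface is not shown in the report.
interface IDSSHookModel {
    function onStakeUpdateFinalized(address operator, address vault, bool toStake) external;
}

// Simplified model for illustration only (assumed layout and signatures).
contract CoreModel {
    // operator => dss => registered
    mapping(address => mapping(address => bool)) public isRegistered;
    // operator => dss => vault => staked: the state Core records
    mapping(address => mapping(address => mapping(address => bool))) public isStaked;

    error OperatorNotRegisteredToDSS();
    error DSSHookFailed();

    // Core-side check: reject callers that never registered with this DSS.
    modifier onlyOperatorRegisteredToDSS(address operator, address dss) {
        if (!isRegistered[operator][dss]) revert OperatorNotRegisteredToDSS();
        _;
    }

    function registerOperatorToDSS(address dss) external {
        isRegistered[msg.sender][dss] = true;
    }

    // Mitigation for DSSs that rely on Core: the modifier runs before any state change.
    function finalizeUpdateVaultStakeInDSS(address dss, address vault, bool toStake)
        external
        onlyOperatorRegisteredToDSS(msg.sender, dss)
    {
        isStaked[msg.sender][dss][vault] = toStake;
        // Mitigation for DSSs that check the operator themselves: canFail = false,
        // so a hook that rejects the operator reverts the state write above.
        _callHook(dss, msg.sender, vault, toStake, false);
    }

    function _callHook(address dss, address operator, address vault, bool toStake, bool canFail)
        internal
    {
        try IDSSHookModel(dss).onStakeUpdateFinalized(operator, vault, toStake) {} catch {
            // With canFail = true the failure would be swallowed and Core would keep
            // a stake record the DSS refused; with false the whole call reverts.
            if (!canFail) revert DSSHookFailed();
        }
    }
}
```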