code-423n4 / 2024-10-ronin-findings

Authorization Bypass Due to Expired Timestamp Check #45

Closed howlbot-integration[bot] closed 4 weeks ago

howlbot-integration[bot] commented 4 weeks ago

Lines of code

https://github.com/ronin-chain/katana-operation-contracts/blob/27f9d28e00958bf3494fa405a8a5acdcd5ecdc5d/src/governance/KatanaGovernance.sol#L378

Vulnerability details

The _isAuthorized function allows access when block.timestamp is greater than the expiry timestamp, which is the opposite of the expected behavior. This logic flaw effectively allows accounts to maintain authorization even after the intended expiry period has passed, potentially bypassing security restrictions.

In the Dispatcher.sol contract, the checkAuthorizedV3Path function calls isAuthorized, which relies on the _isAuthorized function to verify permissions. Due to a logic flaw in _isAuthorized, accounts are incorrectly granted authorization after the expiry timestamp has passed. This unintended behavior could allow unauthorized access to critical functionality, leading to potential misuse or exploitation of restricted actions.

This vulnerability has high severity because it bypasses intended security restrictions.

Mitigation:

if (expiry == AUTHORIZED || block.timestamp < expiry) return true;

Assessed type

Access Control

c4-judge commented 3 weeks ago

alex-ppg marked the issue as unsatisfactory: Invalid