Open hats-bug-reporter[bot] opened 4 months ago
Github username: @https://github.com/sekkiat Twitter username: -- Submission hash (on-chain): 0xd3064ee5c12251e0d59ddb10b495019e1a48387128e208c62db9c67fec83856f Severity: medium
Description: Admin can change the signer, which allows the admin/malicious attacker to sign the transaction.
Attack Scenario:
Attachments
```solidity
// vulnerable code: the owner rotates the trusted signer in a single call and the
// change takes effect immediately, with no delay, second step or event
function changeSigner(address new_signer) external onlyOwner {
    require(new_signer != address(0), "ZERO_SIGNER");
    external_signer = new_signer;
}

// POC (Foundry test): impersonate the owner and point the signer at an
// attacker-controlled address
function testChangeSigner() public {
    vm.prank(_owner);
    _bfx.changeSigner(attacker);
    assertEq(_bfx.external_signer(), attacker);
}
```
Remediation
The private keys of the owner account are needed to carry out this attack.
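The report leaves the Remediation section empty, so here is an added example of the usual hardening for this class of privileged-role risk: a two-step, time-delayed signer rotation. This is illustrative code written for this note, not the reported project's contract; the contract name, the `SIGNER_CHANGE_DELAY` value and the function and event names are assumptions. It keeps the `external_signer` storage variable from the report so the contrast with `changeSigner` is direct.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. A signer change is first proposed,
// then becomes applicable only after a fixed delay. The emitted events give
// off-chain monitoring a window in which a compromised owner key can be noticed
// and the proposal cancelled before any transaction is signed by the new key.
contract SignerRotation {
    address public owner;
    address public external_signer;

    address public pendingSigner;
    uint256 public pendingSignerActiveAt;

    // Assumed value; a real deployment would pick a delay that matches its
    // monitoring and governance response time.
    uint256 public constant SIGNER_CHANGE_DELAY = 2 days;

    event SignerChangeProposed(address indexed proposedSigner, uint256 activeAt);
    event SignerChangeCancelled(address indexed cancelledSigner);
    event SignerChanged(address indexed oldSigner, address indexed newSigner);

    error NotOwner();
    error ZeroSigner();
    error NoPendingSigner();
    error DelayNotElapsed(uint256 activeAt);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address initialSigner) {
        if (initialSigner == address(0)) revert ZeroSigner();
        owner = msg.sender;
        external_signer = initialSigner;
    }

    // Step 1: the owner can only announce a new signer. Nothing takes effect yet,
    // so a single owner-key compromise cannot swap the signer in one transaction.
    function proposeSigner(address newSigner) external onlyOwner {
        if (newSigner == address(0)) revert ZeroSigner();
        pendingSigner = newSigner;
        pendingSignerActiveAt = block.timestamp + SIGNER_CHANGE_DELAY;
        emit SignerChangeProposed(newSigner, pendingSignerActiveAt);
    }

    // The owner can abort a proposal during the delay window, for example after
    // an alert on an unexpected SignerChangeProposed event.
    function cancelSignerChange() external onlyOwner {
        address cancelled = pendingSigner;
        if (cancelled == address(0)) revert NoPendingSigner();
        delete pendingSigner;
        delete pendingSignerActiveAt;
        emit SignerChangeCancelled(cancelled);
    }

    // Step 2: once the delay has elapsed anyone may apply the pending change.
    function applySignerChange() external {
        address newSigner = pendingSigner;
        if (newSigner == address(0)) revert NoPendingSigner();
        if (block.timestamp < pendingSignerActiveAt) {
            revert DelayNotElapsed(pendingSignerActiveAt);
        }
        address oldSigner = external_signer;
        external_signer = newSigner;
        delete pendingSigner;
        delete pendingSignerActiveAt;
        emit SignerChanged(oldSigner, newSigner);
    }
}
```

Against this contract the report's PoC no longer works as written: `proposeSigner(attacker)` from the owner succeeds, but `external_signer` is unchanged until `SIGNER_CHANGE_DELAY` has passed, and the `SignerChangeProposed` event is the signal an on-chain monitor should alert on. The owner key is still a single point of trust for proposing; moving ownership to a multisig or governance contract is the complementary control.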