Centralization Risk – Admin can change the signer

[hats-bug-reporter[bot]]

Github username: @https://github.com/sekkiat Twitter username: -- Submission hash (on-chain): 0xd3064ee5c12251e0d59ddb10b495019e1a48387128e208c62db9c67fec83856f Severity: medium

Description: Description\ Admin can change the signer which allows the admin/malicious attacker to sign the transaction.

Attack Scenario\

1. Admin change th esigner.
2. The new signer can sign the transaction and withdraw the funds

Attachments

1. Proof of Concept (PoC) File

    //vulnerable code
    function changeSigner(address new_signer) external onlyOwner {
        require(new_signer != address(0), "ZERO_SIGNER");
        external_signer = new_signer;
    }

    //POC
    function testChangeSigner() public {
        vm.prank(_owner);
        _bfx.changeSigner(attacker);
        assertEq(_bfx.external_signer(),attacker);
    }

Remediation

• Set in the initialize() function and does not need to be changed.

[alex-sumner]

The private keys of the owner account are needed to carry out this attack.