hats-finance / Fenix--0x9d7765a7ebd5b6322a30797a44a5428531970d3d


## VoterUpgradeableV1_2: Lack of two-step `voteradmin` and `governance` role transfer makes contract vulnerable to being taken over #14

Open hats-bug-reporter[bot] opened 2 months ago

hats-bug-reporter[bot] commented 2 months ago

Github username: @burhankhaja

Twitter username: imaybeghost

Submission hash (on-chain): 0x641b4259d48658553f538f2e60c062da5f82842266ac07286933095c81673bc2

Severity: low

Description:

The function `setVoterAdmin()` transfers the voteradmin role to a new address. Similarly, `setGovernance()` transfers the governance role to a new address. The former can only be called by voteradmin, while the latter can only be called by governance.

In case a wrong address is supplied, both the crucial roles will be taken over, and there will be no way to save the protocol from bloodshed.

Recommendation:

Consider implementing a two-step voteradmin and governance transfer, where the new voteradmin and governor are not directly handed the role; rather, they can claim the role, just like the OpenZeppelin two-step ownership transfers work.

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional)
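The two-step transfer recommended in the report above, written out as an added example; it is not part of the issue thread or the Fenix code base. Only `setVoterAdmin` and `setGovernance` are named on the page; the pending variables, `accept*` functions, events and error are assumed names, and the constructor stands in for the real contract's initializer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not code from the Fenix repository. Only setVoterAdmin
// and setGovernance are named on the page; every other name is assumed.
contract TwoStepVoterRoles {
    address public voterAdmin;
    address public governance;
    // In an upgradeable contract, append new variables after existing storage
    // (or take them from a reserved gap) so the layout is preserved.
    address public pendingVoterAdmin;
    address public pendingGovernance;
    event RoleNominated(bytes32 indexed role, address indexed nominee);
    event RoleAccepted(bytes32 indexed role, address indexed holder);
    error Unauthorized();

    constructor() {
        voterAdmin = msg.sender;
        governance = msg.sender;
    }

    // Step 1: the current holder nominates a successor; the role does not
    // move yet. Nominating address(0) cancels a pending transfer.
    function setVoterAdmin(address nominee) external {
        if (msg.sender != voterAdmin) revert Unauthorized();
        pendingVoterAdmin = nominee;
        emit RoleNominated("voterAdmin", nominee);
    }

    // Step 2: only the nominee can complete the transfer, so an address that
    // nobody controls never receives the role.
    function acceptVoterAdmin() external {
        if (msg.sender != pendingVoterAdmin) revert Unauthorized();
        voterAdmin = msg.sender;
        delete pendingVoterAdmin;
        emit RoleAccepted("voterAdmin", msg.sender);
    }
    // The governance role follows the same two steps.
    function setGovernance(address nominee) external {
        if (msg.sender != governance) revert Unauthorized();
        pendingGovernance = nominee;
        emit RoleNominated("governance", nominee);
    }

    function acceptGovernance() external {
        if (msg.sender != pendingGovernance) revert Unauthorized();
        governance = msg.sender;
        delete pendingGovernance;
        emit RoleAccepted("governance", msg.sender);
    }
}
```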

0xmahdirostami commented 2 months ago

OOS, Invalid

burhankhaja commented 2 months ago

@0xmahdirostami I think, brother, you are missing what the sponsors added in the GitHub readme; there they clearly stated that for the contracts VoterUpgradeableV1_2.sol and VotingEscrowUpgradeableV1_2.sol, only the changes made are in scope, or if the vulnerability is critical.

And you can clearly see that both setVoterAdmin() and setGovernance() have been introduced after the changes; look in docs/diff/*, both setVoteradmin(address) and setGovernance(address) have been introduced after the changes.

0xmahdirostami commented 2 months ago

Thanks, but the scope that they give me is:

Please check this page: https://app.hats.finance/audit-competitions/fenix-0x9d7765a7ebd5b6322a30797a44a5428531970d3d/scope

burhankhaja commented 2 months ago

I raised this issue in Discord; let's wait for what the sponsors and the internal Hats team say about this, because yesterday these were listed as in scope in the Hats dapp even after the contest was live for a bit, and secondly the GitHub scope says otherwise. Let's wait, brother.

0xmahdirostami commented 2 months ago

For now, I will judge these submissions as well.

Non-issue, centralized category.