Open hats-bug-reporter[bot] opened 3 months ago
A module's permission can be set before it is added. Thus the new Authorizer would already have the roles ready for when the change occurs. That's how I see it imo
We actually added a disclaimer in the IOrchestrator interface for this
Github username: @0xfuje
Twitter username: 0xfuje
Submission hash (on-chain): 0xdd3c450b085bf7e935ab7042d99999daee778043f6169dad20fbba7c18ce301e
Severity: medium
Description:
Impact
Temporary or permanent denial of service, breaks functionality of permissioned module roles across orchestrator system
Description
The whole orchestrator system is role-based where many modules can have different roles. The problem is when executing a new `Authorizer` set these modules will lose their respective roles since every module and the orchestrator queries `Authorizer` for `onlyModuleRole()` and `onlyOrchestratorAdmin()`.

`Orchestrator_v1.sol` - `initiateSetAuthorizerWithTimelock()`
Proof of Concept
Orchestrator role
This is less likely, but certainly possible without safeguards.
`onlyOrchestratorOwner()` restricted functions permanently inaccessible
`Authorizer` update the modules will lose their roles permanently
Module roles
`LM_PC_Bounties_v1`, `LM_PC_KPIRewarder_v1`, `LM_PC_PaymentRouter_v1` and more contracts
Recommendation
Note: The safeguards can be added to `executeSetAuthorizer()` instead of `initiateSetAuthorizerWithTimelock()`

No complexity solution
Consider adding disclaimers to both `initiateSetAuthorizerWithTimelock()` and to the `AUT_Roles_v1` contract that warn the orchestrator to set up every role before initiating a new authorizer instance.

Less complexity, higher safety solution
Consider enforcing `initiateSetAuthorizerWithTimelock()` to at least query the main role `DEFAULT_ADMIN_ROLE` of orchestrator owner and enforce it is the same address with the new authorizer. Note that the orchestrator owner can transfer ownership later if needed.

Highest complexity, highest safety solution
If additional safety is needed, consider enforcing every role to remain the same in `initiateSetAuthorizerWithTimelock()`.
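A sketch of the "less complexity, higher safety" check recommended above, added here as an example; it is not code from the report or from the project's contracts. It assumes both authorizers expose OpenZeppelin's `AccessControlEnumerable` view functions; `IRoleView` and `AuthorizerSwapGuard` are hypothetical names, and the check goes slightly beyond the report by covering every `DEFAULT_ADMIN_ROLE` holder rather than a single owner address.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: the current and the proposed authorizer both implement these
// OpenZeppelin AccessControlEnumerable view functions. The interface is
// declared locally for this sketch (hypothetical name).
interface IRoleView {
    function hasRole(bytes32 role, address account) external view returns (bool);
    function getRoleMemberCount(bytes32 role) external view returns (uint256);
    function getRoleMember(bytes32 role, uint256 index) external view returns (address);
}

// Hypothetical helper, not part of Orchestrator_v1. It could be called from
// initiateSetAuthorizerWithTimelock() or from executeSetAuthorizer() before
// the authorizer reference is replaced.
library AuthorizerSwapGuard {
    // Same value OpenZeppelin's AccessControl uses for DEFAULT_ADMIN_ROLE.
    bytes32 internal constant DEFAULT_ADMIN_ROLE = 0x00;

    error AdminMissingOnNewAuthorizer(address admin);

    /// Reverts unless every DEFAULT_ADMIN_ROLE holder on `current` also
    /// holds DEFAULT_ADMIN_ROLE on `next`, so admin-gated functions stay
    /// reachable after the swap.
    function requireAdminsCarriedOver(IRoleView current, IRoleView next)
        internal
        view
    {
        uint256 count = current.getRoleMemberCount(DEFAULT_ADMIN_ROLE);
        for (uint256 i = 0; i < count; ++i) {
            address admin = current.getRoleMember(DEFAULT_ADMIN_ROLE, i);
            if (!next.hasRole(DEFAULT_ADMIN_ROLE, admin)) {
                revert AdminMissingOnNewAuthorizer(admin);
            }
        }
    }
}
```

Running the check at execution time as well as at initiation covers role changes made on either authorizer while the timelock is pending.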