Open hats-bug-reporter[bot] opened 2 months ago
Yes and no Apperently we didnt have any need up until now to burnAnAdmin from a role in the first place The internal functions are helper functions, that make it easier for Moduledevs to interact with internal contracts, but they are technically not needed here.' I would rate this as invalid, because the burnModuleAdmin is technically not needed, as the burnAdminFromModuleRole is exposed via external already
Github username: @Audinarey Twitter username: audinarey Submission hash (on-chain): 0xf499163d622324a4339ffbeccb8b911e876489ed7a9f1bd6b66fb4bd70a9b7a2 Severity: medium
Description: Description\ The
AUT_Roles_v1::burnAdminFromModuleRole(...)
is implemented such that a module role can be set toBURN_ADMIN_ROLE
from the module and can be called by only a module. However, the module does not implement any means to call the function ans as such the module roles cannot be set toBURN_ADMIN_ROLE
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
Implement a method for the modules to call the
burnAdminFromModuleRole(...)
function from within the module as shown below