When a root safe exits an organization and becomes a member of a new organization, it retains the root role. This leads to unauthorized access as the contract assumes this safe is the root of the new organization. The relevant code snippet from _createOrgOrRoot assigns the ROOT_SAFE role to the root safe:
/// Assign SUPER_SAFE Role + SAFE_ROOT Role
RolesAuthority _authority = RolesAuthority(rolesAuthority);
_authority.setUserRole(
newRootSafe, uint8(DataTypes.Role.ROOT_SAFE), true
);
Scenario:
1. Safe A creates a new organization and becomes the root.
2. Safe A exits this organization.
3. Safe A is added as a member to a new organization.
4. The contract incorrectly assumes Safe A is the root of the new organization due to the retained ROOT_SAFE role.
Impact:
Unauthorized access: the safe retains root privileges in the new organization.
Mitigation:
In the addSafe function, ensure that any existing ROOT_SAFE role is revoked before adding the safe to a new organization. The modified code should look like this:
@@ -379,6 +379,14 @@ contract PalmeraModule is Auth, Helpers {
indexSafe[org].push(safeId);
/// Give Role SuperSafe
RolesAuthority _authority = RolesAuthority(rolesAuthority);
+ if (_authority.doesUserHaveRole(
+ newSafe.safe, uint8(DataTypes.Role.ROOT_SAFE))
+ ) {
+ _authority.setUserRole(
+ newSafe.safe, uint8(DataTypes.Role.ROOT_SAFE), false
+ );
+ }
if (
(
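Review bot: the revocation added at the top of this hunk, `setUserRole(newSafe.safe, uint8(DataTypes.Role.ROOT_SAFE), false)`, clears ROOT_SAFE on the address itself, and the call carries no organization argument, so it cannot distinguish a stale bit left over from an exited organization from a role the safe still legitimately holds as root elsewhere. Confirm that addSafe already rejects a safe that is currently registered as a root before this point is reached, or move the revocation to the path where the root safe leaves its organization so the bit never outlives the membership. A short comment above the new `if` saying why ROOT_SAFE is cleared here (the existing "Give Role SuperSafe" comment now sits above unrelated logic) and a regression test for the create, exit, re-add sequence would also help.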
This ensures that the root role is properly revoked when the safe is added to a new organization, preventing unauthorized access.
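The create, exit, re-add sequence from the scenario, as an added Solidity model that is not PalmeraModule code: `StaleRootModel`, its functions, the role id and the `isRootOf` check are hypothetical, and the role bitmap keyed only by address is an assumption drawn from the three-argument `setUserRole` calls shown above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical model (not PalmeraModule code). Roles live in one bitmap per
/// address with no organization scope, mirroring setUserRole(user, role, on).
contract StaleRootModel {
    uint8 internal constant ROOT_SAFE = 1; // constructed role id
    mapping(address => bytes32) public roles; // global role bitmap
    mapping(address => bytes32) public orgOf; // safe => current org (0 = none)

    function hasRole(address safe, uint8 role) public view returns (bool) {
        return (uint256(roles[safe]) >> role) & 1 != 0;
    }

    function _setRole(address safe, uint8 role, bool on) internal {
        if (on) roles[safe] |= bytes32(1 << role);
        else roles[safe] &= ~bytes32(1 << role);
    }

    /// Step 1: the caller creates `org` and is granted ROOT_SAFE.
    function createOrg(bytes32 org) external {
        require(org != bytes32(0) && orgOf[msg.sender] == bytes32(0), "registered");
        orgOf[msg.sender] = org;
        _setRole(msg.sender, ROOT_SAFE, true);
    }

    /// Step 2: membership is cleared, but the role bit is left set.
    function exitOrg() external {
        delete orgOf[msg.sender];
    }

    /// Step 3 without the fix: the stale ROOT_SAFE bit follows the safe.
    function addSafeVulnerable(bytes32 org) external {
        require(org != bytes32(0) && orgOf[msg.sender] == bytes32(0), "registered");
        orgOf[msg.sender] = org;
    }

    /// Step 3 with the report's mitigation: revoke ROOT_SAFE when joining.
    function addSafeFixed(bytes32 org) external {
        require(org != bytes32(0) && orgOf[msg.sender] == bytes32(0), "registered");
        orgOf[msg.sender] = org;
        if (hasRole(msg.sender, ROOT_SAFE)) _setRole(msg.sender, ROOT_SAFE, false);
    }

    /// Membership plus role bit, with no record of which org granted the role.
    function isRootOf(address safe, bytes32 org) external view returns (bool) {
        return orgOf[safe] == org && hasRole(safe, ROOT_SAFE);
    }
}
```

Calling `createOrg`, `exitOrg` and then `addSafeVulnerable` from one address leaves `isRootOf` true for the second organization; the same sequence ending in `addSafeFixed` leaves it false.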
Github username: @0xmahdirostami
Twitter username: 0xmahdirostami
Submission hash (on-chain): 0x4fa5f750c55d8c00ed572d0c417eb015d71cfca301caef739cb0d4beed582de9
Severity: high