Description: While browsing the mpc contract to learn more about chain signatures & mpc as part of Guvenkaya (https://www.guvenkaya.co/) research, I saw a security vulnerability in the init function.
ignore_state is used. It means you can initialize the contract multiple times.
In this scenario, by calling init, you can:
You can set a new threshold and set new candidates.
By constantly calling init, you can always keep the contract in the ProtocolContractState::Initializing state, making any functions which require different states non-callable.
You use the same pattern in clean(), but you also have a private macro on top, which does not allow anyone to call it apart from the current account id.
Recommendation
Consider either adding the #[private] macro or not using ignore_state.
Asked for permission to create an Issue since SC is not ready yet.
Description
Location: https://github.com/near/mpc-recovery/blob/develop/contract/src/lib.rs#L57
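A plain-Rust model of the three guard options the report mentions, added here as an example and not taken from the mpc-recovery code. It does not use near-sdk; `Env`, `Guard`, the `Running` variant and the account names are assumptions made for illustration.

```rust
// Model only: near-sdk attributes are imitated by the Guard enum (hypothetical).
#[derive(Debug, Clone, PartialEq)]
enum ProtocolContractState {
    Initializing { threshold: usize, candidates: Vec<String> },
    Running { threshold: usize }, // assumed later state, stands in for "different states"
}

struct Env {
    current_account: String,              // account the contract is deployed to
    predecessor: String,                  // account making this call
    state: Option<ProtocolContractState>, // None = nothing in storage yet
}

#[derive(Clone, Copy)]
enum Guard { IgnoreState, Private, StateCheck }

fn init(env: &mut Env, guard: Guard, threshold: usize, candidates: Vec<String>) -> Result<(), &'static str> {
    match guard {
        // Models #[init(ignore_state)] alone: no caller check, no state check.
        Guard::IgnoreState => {}
        // Models adding #[private]: only the contract's own account may call.
        Guard::Private if env.predecessor != env.current_account => return Err("method is private"),
        // Models init without ignore_state: refuse when state already exists.
        Guard::StateCheck if env.state.is_some() => return Err("already initialized"),
        _ => {}
    }
    env.state = Some(ProtocolContractState::Initializing { threshold, candidates });
    Ok(())
}

// A contract already in Running receives a second init from an unrelated account.
fn reinit_by_outsider(guard: Guard) -> (Result<(), &'static str>, ProtocolContractState) {
    let mut env = Env {
        current_account: "mpc.example.near".into(), // constructed sample values
        predecessor: "outsider.example.near".into(),
        state: Some(ProtocolContractState::Running { threshold: 2 }),
    };
    let res = init(&mut env, guard, 1, vec!["outsider.example.near".into()]);
    (res, env.state.unwrap())
}

fn main() {
    for (name, g) in [("ignore_state only", Guard::IgnoreState), ("with private", Guard::Private), ("state check", Guard::StateCheck)] {
        println!("{}: {:?}", name, reinit_by_outsider(g));
    }
}
```

With `Guard::Private` the contract's own account can still re-run init, which matches how the report describes clean().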