Open github-actions[bot] opened 1 year ago
Fix looks good:
owner
role with 2-step transfer process + event emissionsmsg.sender
is the initial owner
owner
Non-zero add check isn't necessary IMO, since the zero add will then have to claim ownership. Can consider removing, but no harm leaving it either
hickuphh3
medium
Broken Operator Mechanism: Just 1 malicious / compromised operator can permanently break functionality
Summary
Operator access control isn't sufficiently resilient against a malicious or compromised actor.
Vulnerability Detail
I understand that we can assume all privileged roles to be trusted, but this is about the access control structure for the vault operators. The key thing here is that you can have multiple operators who can add or remove each other. As the saying goes, "you are as strong as your weakest link", so all it required is for 1 malicious or compromised operator to permanently break protocol functionality, with no possible remediation as he's able to kick out all other honest operators, including himself
The vault operator can do the following: 1) Set the
alchemist
contract to any address (except null) of his choosing. He can therefore permanently brick the claiming and liquidation process, resulting in the permanent locking of token holders' funds in Alchemix. 2) Steal last auction funds. WETH approval is given to thealchemist
contract every timeregister_deposit
is called, and with the fact that anyone can settle the contract, the malicious operator is able to do the following atomically:shares_issued
value when thedepositUnderlying()
function is calledImpact
DoS / holding the users' funds hostage.
Code Snippet
https://github.com/sherlock-audit/2023-02-fair-funding/blob/main/fair-funding/contracts/Vault.vy#L292-L300 https://github.com/sherlock-audit/2023-02-fair-funding/blob/main/fair-funding/contracts/Vault.vy#L589-L614
Tool used
Manual Review
Recommendation
Add an additional access control layer on top of operators: an
owner
that will be held by a multisig / DAO that's able to add / remove operators.