Closed sherlock-admin closed 1 year ago
This is expected behavior. By design, higher level admins delegate to lower level admins, which means they should have authority over lower level admins. Future versions of the protocol may introduce more configuration options that establish additional models, but this simplicity is intentional for v1.
GimelSec
medium
Bad admins can front-run mintHat()
Summary
If an admin wants to mint a hat for someone, the admin should call
createHat()
first and then callmintHat()
to deliver the hat. SincemintHat()
can be called by all the admins of the minted hat, any admin can front-run mintHat().Vulnerability Detail
mintHat()
can be called by any admin of the minted hat. And If an admin wants to mint a hat for someone, the admin must callcreateHat()
first. A bad admin can block other admins from minting hats to the recipients by front-runningmintHat()
. https://github.com/Hats-Protocol/hats-protocol/blob/fafcfdf046c0369c1f9e077eacd94a328f9d7af0/src/Hats.sol#L241Impact
A bad admin can block other admins from minting hats to the recipients.
Code Snippet
https://github.com/Hats-Protocol/hats-protocol/blob/fafcfdf046c0369c1f9e077eacd94a328f9d7af0/src/Hats.sol#L241 https://github.com/Hats-Protocol/hats-protocol/blob/fafcfdf046c0369c1f9e077eacd94a328f9d7af0/src/Hats.sol#L520 https://github.com/Hats-Protocol/hats-protocol/blob/fafcfdf046c0369c1f9e077eacd94a328f9d7af0/src/Hats.sol#L831
Tool used
Manual Review
Recommendation
Add an optional argument in
createHat()
so that the admins can decide if they want to mint the created hat on their own.