XO-revokeGovernor function allows attacker to continue to act as governor
Summary
The vulnerability in the revokeGovernor function it does not actually revoke the old governor, it simply checks to see if the old governor is equal to the current governor. If they are equal, the function does nothing, the function reverts.
Vulnerability Detail
*/
interface IERC20Token is IERC20Metadata {
function GOVERNOR_ROLE() external view returns (bytes32);
function GUARDIAN_ROLE() external view returns (bytes32);
function MINTER_ROLE() external view returns (bytes32);
function setGovernor(address newGovernor, address oldGovernor) external;
function revokeGovernor(address oldGovernor) external;
function setGuardian(address newGuardian, address oldGuardian) external;
function revokeGuardian(address oldGuardian) external;
function setMinter(address newMinter, address oldMinter) external;
function revokeMinter(address oldMinter) external;
function pause() external;
function unpause() external;
function mint(address account, uint256 amount) external;
function burn(address burner, uint256 amount) external;
function addBlackList(address evilUser) external;
function removeBlackList(address clearedUser) external;
function getBlacklist(address addr) external view returns (bool);
}
There is a vulnerability in interface IERC20Token so the real problem is in the revokeGovernor function, this function does not actually revoke the old governor, it simply checks to see if the old governor is equal to the current governor. If they are equal, the function does nothing. Otherwise, the function reverts, This is vulnerability it allows an attacker to continue to act asgovernor even after they have been revoked so The attacker can do this by simply creating a new account that is equal to the address of the old governor, the attacker can then use this new account to call the revokeGovernor function, and the function will do nothing.
Impact
This vulnerability allows an attacker to continue to act as governor even after they have been revoked. the attacker can do this by simply creating a new account that is equal to the address of the old governor. The attacker can then use this new account to call the revokeGovernor function, and the function will do nothing.
adding a check to the revokeGovernor function to make sure that the old governor is not equal to the address of 0x0 or the address of the current sender.
XDZIBEC
high
XO-revokeGovernor function allows attacker to continue to act as governor
Summary
revokeGovernor
function it does not actuallyrevoke
the old governor, it simply checks to see if the oldgovernor
is equal to the currentgovernor
. If they are equal, the function does nothing, the function reverts.Vulnerability Detail
IERC20Token
so the real problem is in therevokeGovernor
function, this function does not actuallyrevoke
the oldgovernor
, it simply checks to see if the oldgovernor
is equal to the currentgovernor
. If they are equal, the function does nothing. Otherwise, the functionreverts
, This is vulnerability it allows an attacker to continue to act asgovernor
even after they have beenrevoked
so The attacker can do this by simply creating a new account that is equal to the address of the oldgovernor
, the attacker can then use this new account to call therevokeGovernor
function, and the function will do nothing.Impact
governor
even after they have beenrevoked
. the attacker can do this by simply creating a new account that is equal to the address of theold governor
. The attacker can then use this new account to call therevokeGovernor
function, and the function will do nothing.Code Snippet
Tool used
Manual Review
Recommendation
revokeGovernor
function to make sure that the old governor is not equal to the address of0x0
or the address of the currentsender
.