sherlock-audit / 2023-12-avail-judging


bareli - Centralization Risk: #67

Closed sherlock-admin closed 8 months ago

sherlock-admin commented 8 months ago

bareli

medium

Centralization Risk:

Summary

Centralization Risk: The contract relies on a single availBridge address, which introduces a central point of control and failure. If the availBridge is compromised, it could lead to security issues.

Vulnerability Detail

function onAvailMessage(bytes32 from, bytes calldata data) public virtual {
    if (msg.sender != availBridge) {
        revert OnlyAvailBridge();
    }
    _onAvailMessage(from, data);
}

Impact

If the availBridge is compromised, it could lead to security issues.

Code Snippet

https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/MessageReceiver.sol#L18

Tool used

Manual Review

Recommendation

Use a DAO or multisig.

sherlock-admin commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid because {invalid: centralization == admins are trusted}