search

sherlock-audit / 2024-05-pooltogether-judging

2 stars 0 forks source link

newt - Lack of Access Control on `sponsor` Function #152

Closed sherlock-admin2 closed 1 month ago

sherlock-admin2 commented 1 month ago

newt

medium

Lack of Access Control on sponsor Function

Summary

The sponsor function is intended to be called only by the Vault contract, but it lacks access control, allowing any address to call it. This can lead to unauthorized entities calling the function,

Vulnerability Detail

The contract owner or the designated controller (Vault) loses control over who can perform sponsorship delegations.

Impact

This could lead to hackers exploiting the function manipulating the sponsorship

Code Snippet

function sponsor(address _from) external { _delegate(msg.sender, _from, SPONSORSHIP_ADDRESS); }

https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-twab-controller/src/TwabController.sol#L533-L535

Tool used

Manual Review

Recommendation

implement access control to ensure that only the Vault contract can call the sponsor function

sherlock-admin2 commented 1 month ago

1 comment(s) were left on this issue during the judging contest.

infect3d commented:

this is false: ""The sponsor function is intended to be called only by the Vault contract""

nevillehuang commented 1 month ago

Invalid, permissions to delegate is gated to caller msg.sender