The delegate function allows msg.sender to initiate a delegation from _vault to _to without verifying if msg.sender has the necessary permissions or role to perform this action on behalf of _vault.
Vulnerability Detail
Any user can call the delegate function and delegate authority from _vault to any address, leading to unauthorized changes
Impact
This can lead to unauthorized users being able to delegate authority
newt
medium
Missing Authorization Check in
delegate
FunctionSummary
The
delegate
function allowsmsg.sender
to initiate a delegation from_vault
to_to
without verifying ifmsg.sender
has the necessary permissions or role to perform this action on behalf of _vault.Vulnerability Detail
Any user can call the
delegate
function and delegate authority from_vault
to any address, leading to unauthorized changesImpact
This can lead to unauthorized users being able to delegate authority
Code Snippet
function delegate(address _vault, address _to) external { _delegate(_vault, msg.sender, _to); }
https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-twab-controller/src/TwabController.sol#L524-L526
Tool used
Manual Review
Recommendation
Ensure that
msg.sender
has the necessary permissions to delegate on behalf of_vault
and include an error to handle unauthorized calls.