search

sherlock-audit / 2024-06-makerdao-endgame-judging

1 stars 1 forks source link

Albort - The implementation of ward/rely/deny in the project may cause administrators to lose their privileges and could also result in malicious grantees having permanent access. #127

Closed sherlock-admin2 closed 1 month ago

sherlock-admin2 commented 1 month ago

Albort

High

The implementation of ward/rely/deny in the project may cause administrators to lose their privileges and could also result in malicious grantees having permanent access.

Summary

The implementation of ward/rely/deny in the project may cause administrators to lose their privileges and could also result in malicious grantees having permanent access.

Vulnerability Detail

Malicious grantees can call the deny() function to revoke the administrator’s privileges.

They can also call the rely() function to increase their privileges so that they can retain them even after authorization is revoked.

Impact

Code Snippet

https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/nst/src/Nst.sol#L96

https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/ngt/src/Ngt.sol#L85 https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/ngt/src/Ngt.sol#L85 https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/ngt/src/Ngt.sol

https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/sdai/src/SNst.sol

https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/lockstake/src/LockstakeClipper.sol

Tool used

Manual Review

Recommendation

It is necessary to grant higher permissions to the "rely" and "deny" actions.

Duplicate of #48

sunbreak1211 commented 1 month ago

The authorization scheme is what it is. This is totally out of scope.