Albort - The implementation of ward/rely/deny in the project may cause administrators to lose their privileges and could also result in malicious grantees having permanent access. #127
The implementation of ward/rely/deny in the project may cause administrators to lose their privileges and could also result in malicious grantees having permanent access.
Summary
The implementation of ward/rely/deny in the project may cause administrators to lose their privileges and could also result in malicious grantees having permanent access.
Vulnerability Detail
Malicious grantees can call the deny() function to revoke the administrator’s privileges.
They can also call the rely() function to increase their privileges so that they can retain them even after authorization is revoked.
Albort
High
The implementation of ward/rely/deny in the project may cause administrators to lose their privileges and could also result in malicious grantees having permanent access.
Summary
The implementation of ward/rely/deny in the project may cause administrators to lose their privileges and could also result in malicious grantees having permanent access.
Vulnerability Detail
Malicious grantees can call the deny() function to revoke the administrator’s privileges.
They can also call the rely() function to increase their privileges so that they can retain them even after authorization is revoked.
Impact
Code Snippet
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/nst/src/Nst.sol#L96
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/ngt/src/Ngt.sol#L85 https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/ngt/src/Ngt.sol#L85 https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/ngt/src/Ngt.sol
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/sdai/src/SNst.sol
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/dba30d7a676c20dfed3bda8c52fd6702e2e85bb1/lockstake/src/LockstakeClipper.sol
Tool used
Manual Review
Recommendation
It is necessary to grant higher permissions to the "rely" and "deny" actions.
Duplicate of #48