Single Point of Failure in Backend Hash Management

[NegruGeorge]

Describe the bug The GenFWStorage contract relies on a backend to set the hashes used for forced withdrawals. This creates a single point of failure.

Configuration

• Severity: LOW

Impact

Backend Compromise: If the backend is compromised, an attacker can manipulate the hashes to exploit the withdrawal functions. Unauthorized Withdrawals: Malicious actors can use fraudulent hashes to withdraw funds from the bridge contract.

Recommendation The closer needs to exercise caution when using the forceRegistry function to ensure only legitimate and secure storage contracts are registered. Here are some key points to consider:

1. Validation of Contracts: Ensure that the storage contracts being registered are verified and secure.
2. Multi-Signature Approval: Implement a multi-signature mechanism for registering new storage contracts to prevent unilateral decisions.
3. Transparency: Maintain transparency by documenting and publishing changes made through forceRegistry.

By taking these precautions, the closer can significantly reduce the risk of security breaches and unauthorized withdrawals.

Exploit Scenario

Demo

[DevUreak]

Thank you for your confirmation. In this part, the hash value for the address will be transparently disclosed when the protocol starts. Also, applying multi-signature in #19 will increase security.