Skip to content

Latest commit

 

History

History
89 lines (64 loc) · 2.91 KB

012.md

File metadata and controls

89 lines (64 loc) · 2.91 KB

Low Tangerine Cod

Medium

multisig can restrict functions that it should not

Summary

In readme:

In CDS.sol setAdminTwo(), setUsdtLimit(), setUSDaLimit() can be called only by Admin and the input can't be zero value. setWithdrawTimeLimit() setTreasury() can be called only by Admin and the input can't be zero value. Another restriction is that admin should have approval from multisig for setting it

Root Cause

From readme we can see that functions setAdminTwo(), setUsdtLimit(), setUSDaLimit should not be blocked by multisig but they are

    function setUSDaLimit(uint8 percent) external onlyAdmin {
        // Checkt the percent is non zero
        if (percent == 0) revert CDS_NeedsMoreThanZero();
        // Check whether, the function have required approvals from owners to set
->        if (!multiSign.executeSetterFunction(IMultiSign.SetterFunctions(8))) revert CDS_RequiredApprovalsNotMetToSet();
        usdaLimit = percent;
    }

    /**
     * @dev set usdt time limit in deposit
     * @param amount USDT amount in wei
     */
    function setUsdtLimit(uint64 amount) external onlyAdmin {
        // Check the amount is non zero
        if (amount == 0) revert CDS_NeedsMoreThanZero();
        // Check whether, the function have required approvals from owners to set
->        if (!multiSign.executeSetterFunction(IMultiSign.SetterFunctions(9))) revert CDS_RequiredApprovalsNotMetToSet();
        usdtLimit = amount;
    }

Core_logic/CDS.sol#L615

Internal pre-conditions

No response

External pre-conditions

Multisig decides to block setUsdtLimit and setUSDaLimit

Attack Path

multiSign block setUSDaLimit, setUsdtLimit

Impact

Broken protocol invariant with roles in README

If the protocol team includes specific information in the README or CODE COMMENTS, that information may be used as context during the judging process.

PoC

No response

Mitigation

    function setUSDaLimit(uint8 percent) external onlyAdmin {
        // Checkt the percent is non zero
        if (percent == 0) revert CDS_NeedsMoreThanZero();
        // Check whether, the function have required approvals from owners to set
-        if (!multiSign.executeSetterFunction(IMultiSign.SetterFunctions(8))) revert CDS_RequiredApprovalsNotMetToSet();
        usdaLimit = percent;
    }

    /**
     * @dev set usdt time limit in deposit
     * @param amount USDT amount in wei
     */
    function setUsdtLimit(uint64 amount) external onlyAdmin {
        // Check the amount is non zero
        if (amount == 0) revert CDS_NeedsMoreThanZero();
        // Check whether, the function have required approvals from owners to set
-        if (!multiSign.executeSetterFunction(IMultiSign.SetterFunctions(9))) revert CDS_RequiredApprovalsNotMetToSet();
        usdtLimit = amount;
    }