Skip to content

Latest commit

 

History

History
66 lines (45 loc) · 2.57 KB

086.md

File metadata and controls

66 lines (45 loc) · 2.57 KB

Fast Cerulean Armadillo

Medium

Missing Access Control in executeSetterFunction

Summary

The executeSetterFunction in the MultiSign contract lacks access control, allowing any user to call this function. Since this function is used in critical administrative functions such as setting the admin address, withdrawal time limit, protocol LTV, and bond ratio, this vulnerability could disrupt contract functionality and governance.

Root Cause

The executeSetterFunction does not implement any access control mechanism, making it callable by any external user.

    function executeSetterFunction(
        SetterFunctions _function
    ) external returns (bool) {
        // Get the number of approvals
        require(getSetterFunctionApproval(_function) >= requiredApprovals,"Required approvals not met");
        // Loop through the approved functions with owners mapping and change to false
        for (uint64 i; i < noOfOwners; i++) {
            approvedToUpdate[_function][owners[i]] = false;
        }
        return true;
    }

https://github.com/sherlock-audit/2024-11-autonomint/blob/0d324e04d4c0ca306e1ae4d4c65f0cb9d681751b/Blockchain/Blockchian/contracts/Core_logic/multiSign.sol#L304C1-L314C6

Admin use this function to set important values for CDS and borrowing contract. If a user call executeSetterFunction when enough approve collected, it will simply return true and reset the approvals. This prevents admin to update intended values .

    function setWithdrawTimeLimit(uint64 _timeLimit) external onlyAdmin {
        // Check he timelimit is non zero
        if (_timeLimit == 0) revert CDS_NeedsMoreThanZero();
        // Check whether, the function have required approvals from owners to set
        if (!multiSign.executeSetterFunction(IMultiSign.SetterFunctions(2))) revert CDS_RequiredApprovalsNotMetToSet();
        withdrawTimeLimit = _timeLimit;
    }

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

  1. A malicious user calls executeSetterFunction, bypassing intended governance processes.
  2. This resets approvals for critical functions, blocking authorized administrators from making essential updates.
  3. If approvals are reset repeatedly, administrative functions in linked contracts such as setAdmin, setWithdrawTimeLimit, setLTV, and setBondRatio could be permanently blocked.

Impact

Admin functions become unusable, potentially causing operational and financial losses

PoC

No response

Mitigation

Restrict executeSetterFunction to be callable only by whitelisted contracts