
Dandy Caramel Tortoise

Medium

Attacker can revoke any user from a market

Summary

Lack of access control in revokeLender allows an attacker to revoke any participant from a market

Root Cause

The delegation version of the `revokeLender` function performs no access control check at all, so any caller can revoke any stakeholder from any market.

```solidity
    // Delegated revocation path: nothing here compares msg.sender to the
    // market owner (or any other authorised party) before revoking.
    function _revokeStakeholderViaDelegation(
        uint256 _marketId,
        address _stakeholderAddress,
        bool _isLender,
        uint8 _v,
        bytes32 _r,
        bytes32 _s
    ) internal {
        // Revokes the stakeholder's verification; the return value is the
        // attestation uuid that would have been passed on to EAS.
        bytes32 uuid = _revokeStakeholderVerification(
            _marketId,
            _stakeholderAddress,
            _isLender
        );
        // NOTE: Disabling the call to revoke the attestation on EAS contracts
        //        address attestor = markets[_marketId].owner;
        //        tellerAS.revokeByDelegation(uuid, attestor, _v, _r, _s);
        // With the EAS call disabled, the signature (_v, _r, _s) is never
        // verified, so nothing in this path authorises the caller.
    }
```

Internal pre-conditions

Attestation should be enabled to observe the impact

External pre-conditions

No response

Attack Path

  1. Attacker calls `revokeLender`, passing in any address they wish to revoke from the market

Impact

Attacker can revoke any address they wish from any market, making the market unusable

PoC

No response

Mitigation

Perform access control checks
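The following is an added illustration, not the audited project's code, of the missing check and one way to close it. It is a minimal market registry in which the delegated revoke entry point is shown in its unchecked form next to a version gated on the market owner. Contract and member names (`MarketRegistryExample`, `markets`, `onlyMarketOwner`, `_revokeStakeholder`, and so on) are assumptions for this example; the signature parameters are kept only to mirror the shape of the delegated call and are not verified here. The point is that once the EAS delegation call is disabled, nothing downstream verifies the signer, so the function itself has to authorise the caller before any state changes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (hypothetical contract), not code from the audited project.
contract MarketRegistryExample {
    struct Market {
        address owner;
        mapping(address => bool) verifiedLenders;
    }

    mapping(uint256 => Market) internal markets;
    uint256 public marketCount;

    error NotMarketOwner(uint256 marketId, address caller);
    error NotVerified(uint256 marketId, address lender);

    event LenderRevoked(uint256 indexed marketId, address indexed lender, address indexed by);

    // The access control check the finding asks for: only the market owner
    // may act on its stakeholders.
    modifier onlyMarketOwner(uint256 _marketId) {
        if (markets[_marketId].owner != msg.sender) {
            revert NotMarketOwner(_marketId, msg.sender);
        }
        _;
    }

    function createMarket() external returns (uint256 marketId) {
        marketId = ++marketCount;
        markets[marketId].owner = msg.sender;
    }

    function attestLender(uint256 _marketId, address _lender) external onlyMarketOwner(_marketId) {
        markets[_marketId].verifiedLenders[_lender] = true;
    }

    function isVerifiedLender(uint256 _marketId, address _lender) external view returns (bool) {
        return markets[_marketId].verifiedLenders[_lender];
    }

    // Vulnerable shape (for contrast): the delegated variant reaches the
    // internal revoke without checking who msg.sender is. With the external
    // signature check disabled, the unused (v, r, s) prove nothing.
    function revokeLenderUnchecked(
        uint256 _marketId,
        address _lender,
        uint8, /* _v */
        bytes32, /* _r */
        bytes32 /* _s */
    ) external {
        _revokeStakeholder(_marketId, _lender);
    }

    // Hardened shape: same entry point, but gated on the market owner
    // before any state is touched.
    function revokeLender(
        uint256 _marketId,
        address _lender,
        uint8, /* _v */
        bytes32, /* _r */
        bytes32 /* _s */
    ) external onlyMarketOwner(_marketId) {
        _revokeStakeholder(_marketId, _lender);
    }

    // Shared internal revoke: refuses to "revoke" an address that was never
    // verified, and records who performed the revocation for auditability.
    function _revokeStakeholder(uint256 _marketId, address _lender) internal {
        if (!markets[_marketId].verifiedLenders[_lender]) {
            revert NotVerified(_marketId, _lender);
        }
        markets[_marketId].verifiedLenders[_lender] = false;
        emit LenderRevoked(_marketId, _lender, msg.sender);
    }
}
```

Deploying this and calling `revokeLender` from an address other than the market owner reverts with `NotMarketOwner`, while `revokeLenderUnchecked` lets any account clear a verified lender; the emitted `LenderRevoked` event carries `msg.sender` so off-chain monitoring can flag revocations that did not originate from the owner.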