038.md

Dandy Caramel Tortoise

Medium

Old market owner can grant access to users that new market owner will not be able to revoke

Summary

Attesting by delegation will disallow new owner to revoke attestation of a stakeholder provided by earlier owner

Root Cause

The MarketRegistry allows for stakeholders to be registered via delegation. For such an attestation the attestor recorded will be the market owner

    function _attestStakeholderViaDelegation(
        uint256 _marketId,
        address _stakeholderAddress,
        uint256 _expirationTime,
        bool _isLender,
        uint8 _v,
        bytes32 _r,
        bytes32 _s
    )

To revoke the attestation properly (currently this is not handled in the MarketRegsitry contract), the _revoke function of the TellerAS contract has to be called. But here the person revoking should be the same as the attestor which will fail in case the owner of the market has been changed. Hence the new attestor cannot revoke a stakeholder

    function _revoke(bytes32 uuid, address attester) private {
        Attestation storage attestation = _db[uuid];
        if (attestation.uuid == EMPTY_UUID) {
            revert NotFound();
        }


        if (attestation.attester != attester) {
            revert AccessDenied();
        }


        if (attestation.revocationTime != 0) {
            revert AlreadyRevoked();
        }


        attestation.revocationTime = block.timestamp;

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

1. Owner attests a lender/borrower using delegation
2. The market is transferred to a new owner
3. The new owner cannot revoke the lender/borrower

Impact

New owner cannot revoke a lender/borrower

PoC

No response

Mitigation

Disable the delegation feature or handle this in the TellerAS contract