Disabled multisig can perform Minipool operations #538
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-702
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/Ocyticus.sol#L55
https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/MinipoolManager.sol#L57
Vulnerability details
Impact
In the GoGoPool protocol, all multisigs can be disabled using the Ocyticus.pauseEverything and Ocyticus.disableAllMultisigs functions. It should also be noted that in MinipoolManager every Minipool gets assigned a multisig at the time of that Minipool's creation.
After a multisig has been disabled it can still perform various operations on the Minipool for which it was assigned as a valid multisig. The operations include:
The disabling of multisigs can be done for various reasons (including private key compromises) and letting disabled multisigs perform crucial operations on Minipools is not ideal.
Proof of Concept
Consider this scenario:
Ocyticus.disableAllMultisigs was invoked and all multisigs were disabled.
Tools Used
Manual review
Recommended Mitigation Steps
The protocol should check the current enabled or disabled state of the caller multisig before allowing it to perform any operation on the Minipool. The protocol should also have a way to upgrade the assigned multisig for a Minipool.
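A minimal sketch of the two recommended changes, added here as an illustration and not taken from the report or from GoGoPool's code. MultisigRegistry, MinipoolGate, launch and reassignMultisig are hypothetical names, and the storage layout is simplified compared with the real contracts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
// Simplified stand-ins with hypothetical names; not GoGoPool's contracts.
contract MultisigRegistry {
    address public immutable guardian;
    mapping(address => bool) public isEnabled;
    constructor() { guardian = msg.sender; }

    // Guardian can enable or disable a multisig, e.g. after a key compromise.
    function setEnabled(address multisig, bool enabled) external {
        require(msg.sender == guardian, "not guardian");
        isEnabled[multisig] = enabled;
    }
}

contract MinipoolGate {
    enum Status { None, Prelaunch, Launched }
    struct Minipool { address multisig; Status status; }
    MultisigRegistry public immutable registry;
    mapping(address => Minipool) public minipools; // keyed by nodeID
    error InvalidMultisig();
    error MultisigDisabled();
    error InvalidState();
    constructor(MultisigRegistry r) { registry = r; }

    // Identity check alone is the pattern the report describes as insufficient.
    // The second line reads the enabled flag live on every call, so a multisig
    // disabled after assignment is rejected immediately.
    modifier onlyEnabledAssignedMultisig(address nodeID) {
        if (msg.sender != minipools[nodeID].multisig) revert InvalidMultisig();
        if (!registry.isEnabled(msg.sender)) revert MultisigDisabled();
        _;
    }

    // Simplified creation: the multisig is recorded once, at creation time.
    function createMinipool(address nodeID, address multisig) external {
        if (minipools[nodeID].status != Status.None) revert InvalidState();
        if (!registry.isEnabled(multisig)) revert MultisigDisabled();
        minipools[nodeID] = Minipool(multisig, Status.Prelaunch);
    }

    // Second recommendation: a path to replace the assigned multisig.
    function reassignMultisig(address nodeID, address newMultisig) external {
        require(msg.sender == registry.guardian(), "not guardian");
        if (minipools[nodeID].status == Status.None) revert InvalidState();
        if (!registry.isEnabled(newMultisig)) revert MultisigDisabled();
        minipools[nodeID].multisig = newMultisig;
    }

    // Example multisig-only operation guarded by the combined check.
    function launch(address nodeID) external onlyEnabledAssignedMultisig(nodeID) {
        if (minipools[nodeID].status != Status.Prelaunch) revert InvalidState();
        minipools[nodeID].status = Status.Launched;
    }
}
```

Without reassignMultisig, disabling a multisig would leave its Minipools with no party able to call launch, which is why the report pairs the two recommendations.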