Malicious/compromised owner can lead to limitless minting of gov NFT #176
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-377
edited-by-warden
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/GovNFT.sol#L240
Vulnerability details
Impact
Malicious/compromised owner can lead to limitless minting of gov NFT.
Proof of Concept
A malicious or compromised governor can set the `endpoint` address to any malicious address.
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/GovNFT.sol#L240
The malicious `endpoint` can mint NFT to his own address without any limitation by calling the function `lzReceive`.
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/GovNFT.sol#L168
Tools Used
Recommended Mitigation Steps
`endpoint`. Because it is almost impossible to notice the malicious `endpoint` address assignment with the immediate address change, while having a delay between setting the pending `endpoint` and assigning it gives the protocol or users enough time to investigate the validity of the new `endpoint` address.
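A minimal sketch of the delay between setting a pending `endpoint` and assigning it, as described in the mitigation above. This is an added illustration, not code from the Tigris GovNFT contract: the contract name, function names, events and the 2-day delay are assumptions, and only the `endpoint` variable name comes from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; not the Tigris GovNFT code. All names other than
// `endpoint` are hypothetical and the 2-day delay is an assumed value.
contract DelayedEndpoint {
    uint256 public constant ENDPOINT_DELAY = 2 days; // assumed review window

    address public owner;
    address public endpoint;           // the only address trusted as endpoint
    address public pendingEndpoint;    // proposed, not yet trusted
    uint256 public pendingEndpointEta; // earliest time the change may apply

    event EndpointProposed(address indexed proposed, uint256 eta);
    event EndpointChanged(address indexed previous, address indexed current);

    modifier onlyOwner() {
        require(msg.sender == owner, "!owner");
        _;
    }

    constructor(address initialEndpoint) {
        require(initialEndpoint != address(0), "zero endpoint");
        owner = msg.sender;
        endpoint = initialEndpoint;
    }

    // Step 1: announce the new endpoint. The trusted endpoint is unchanged,
    // and the event gives monitors something to alert on.
    function proposeEndpoint(address newEndpoint) external onlyOwner {
        require(newEndpoint != address(0), "zero endpoint");
        pendingEndpoint = newEndpoint;
        pendingEndpointEta = block.timestamp + ENDPOINT_DELAY;
        emit EndpointProposed(newEndpoint, pendingEndpointEta);
    }

    // Step 2: the change takes effect only after the delay has elapsed.
    function applyEndpoint() external onlyOwner {
        require(pendingEndpoint != address(0), "nothing pending");
        require(block.timestamp >= pendingEndpointEta, "delay not elapsed");
        emit EndpointChanged(endpoint, pendingEndpoint);
        endpoint = pendingEndpoint;
        delete pendingEndpoint;
        delete pendingEndpointEta;
    }
}
```

Re-proposing resets the timer, so every candidate address is visible on-chain for the full window before it can be trusted as the caller of the receive path.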