This agent detects exploits of the OpenZeppelin TimelockController contract and helps to monitor any role changes in it.
For a detailed description of the contract vulnerability refer to the post-mortem.
Variables can be configured in the constants.ts file.
- Allows getting the state at the block where an event was emitted
- Enable only if the JSON-RPC provider supports this mode
- Read more: https://infura.io/docs/ethereum/add-ons/archiveData
- Default: true
- Ethereum
- OPENZEPPELIN-TIMELOCK-CONTROLLER-0
  - Fired if TimelockController minDelay has been set to 0
  - Severity is always set to "critical"
  - Type is always set to "exploit"
  - Metadata
    - `from`: address of the sender
    - `contract`: affected contract address
- OPENZEPPELIN-TIMELOCK-CONTROLLER-1
  - Fired if TimelockController executed operation before it was scheduled
  - Severity is always set to "critical"
  - Type is always set to "exploit"
  - Metadata
    - `from`: address of the sender
    - `contract`: affected contract
    - `operationId`: id of the executed operation
    - `callData`: stringified operation params ({ target, value, data })
    - `delay`: delay of the executed operation
- OPENZEPPELIN-TIMELOCK-CONTROLLER-2
  - Fired when a new role has been granted
  - Severity:
    - "critical" if EXECUTOR became PROPOSER or TIMELOCK_ADMIN
    - "info" if it's a normal role granting
  - Type:
    - "suspicious" if EXECUTOR became PROPOSER or TIMELOCK_ADMIN
    - "info" if it's a normal role granting
  - Metadata
    - `sender`: the account that originated the contract call
    - `account`: granted account address
    - `contract`: contract address
    - `grantedRole`: granted role name (not a hash)
    - `previousRoles`: roles of the account without the granted one
- OPENZEPPELIN-TIMELOCK-CONTROLLER-3
  - Fired when role has been revoked
  - Severity is always set to "medium"
  - Type is always set to "info"
  - Metadata
    - `sender`: the account that originated the contract call
    - `account`: revoked account address
    - `contract`: contract address
    - `revokedRole`: revoked role name (not a hash)
    - `currentRoles`: all roles of the account without the revoked one
- OPENZEPPELIN-TIMELOCK-CONTROLLER-4
  - Fired when role has been renounced
  - Severity is always set to "medium"
  - Type is always set to "info"
  - Metadata
    - `account`: renounced account address
    - `contract`: contract address
    - `revokedRole`: name of renounced role
- OPENZEPPELIN-TIMELOCK-CONTROLLER-5
  - Fired if contract address has been revoked from TIMELOCK_ADMIN role
  - Severity is always set to "high"
  - Type is always set to "suspicious"
  - Metadata
    - `sender`: the account that originated the contract call
    - `contract`: contract address
    - `contractRoles`: all roles of the contract address
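The rules for alerts 0, 1 and 2 above, applied to an ordered list of decoded events, as an added TypeScript example (not the agent's own code). The event shapes, the `scan` helper and the sample data are assumptions constructed for illustration; the role names, alert ids, severities and types are the ones listed on this page.

```typescript
// Added example, not the agent's source. Event shapes and names are assumptions.
type Ev =
  | { kind: "MinDelayChange"; newDelay: number }
  | { kind: "Scheduled"; id: string }
  | { kind: "Executed"; id: string }
  | { kind: "RoleGranted"; role: string; account: string };
interface Finding { alertId: string; severity: string; type: string }

const PREFIX = "OPENZEPPELIN-TIMELOCK-CONTROLLER-";

// events:    decoded logs of one timelock, in emission order
// roles:     account -> role names held before the first event (updated in place)
// scheduled: operation ids already scheduled before the first event
function scan(events: Ev[], roles: { [account: string]: string[] }, scheduled: string[]): Finding[] {
  const findings: Finding[] = [];
  const known = scheduled.slice();
  for (let i = 0; i < events.length; i++) {
    const e = events[i];
    if (e.kind === "MinDelayChange") {
      // Alert 0: minDelay set to 0
      if (e.newDelay === 0) findings.push({ alertId: PREFIX + "0", severity: "critical", type: "exploit" });
    } else if (e.kind === "Scheduled") {
      known.push(e.id);
    } else if (e.kind === "Executed") {
      // Alert 1: no schedule event seen for this id before it executed
      if (known.indexOf(e.id) < 0) findings.push({ alertId: PREFIX + "1", severity: "critical", type: "exploit" });
    } else {
      // Alert 2: escalated only when an existing EXECUTOR gains PROPOSER or TIMELOCK_ADMIN
      const prev = roles[e.account] || [];
      const escalated = prev.indexOf("EXECUTOR") >= 0 &&
        (e.role === "PROPOSER" || e.role === "TIMELOCK_ADMIN");
      findings.push({ alertId: PREFIX + "2", severity: escalated ? "critical" : "info",
                      type: escalated ? "suspicious" : "info" });
      roles[e.account] = prev.concat([e.role]);
    }
  }
  return findings;
}

// Constructed sample (placeholder ids and accounts), one event per rule plus a normal grant.
const SAMPLE: Ev[] = [
  { kind: "RoleGranted", role: "PROPOSER", account: "0xexecutor" },
  { kind: "MinDelayChange", newDelay: 0 },
  { kind: "Executed", id: "0xop1" },
  { kind: "Scheduled", id: "0xop1" },
  { kind: "RoleGranted", role: "EXECUTOR", account: "0xnew" },
];
const sampleFindings = scan(SAMPLE, { "0xexecutor": ["EXECUTOR"] }, []);
```

The `roles` and `scheduled` arguments stand in for the state before the first event, which is the kind of lookup the archive-mode setting described earlier makes possible.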
- Fired if contract address has been revoked from