Skip to content

kovart3/contest-3-1

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

src

src

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

.prettierrc

.prettierrc

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

jest.config.js

jest.config.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

publish.log

publish.log

 
 

tsconfig.json

tsconfig.json

 
 

Repository files navigation

OpenZeppelin TimelockController Agent

Description

This agent detects exploits of the OpenZeppelin TimelockController contract and helps to monitor any role changes in it.

For a detailed description of the contract vulnerability refer to the post-mortem.

Variables

Variables can be configured in the constants.ts file.

ARCHIVE_DATA_MODE: boolean

Supported Chains

  • Ethereum

Alerts

  • OPENZEPPELIN-TIMELOCK-CONTROLLER-0

    • Fired if TimelockController minDelay has been set to 0
    • Severity is always set to "critical"
    • Type is always set to "exploit"
    • Metadata
      • from address of the sender
      • contract affected contract address

  • OPENZEPPELIN-TIMELOCK-CONTROLLER-1

    • Fired if TimelockController executed operation before it was scheduled
    • Severity is always set to "critical"
    • Type is always set to "exploit"
    • Metadata
      • from address of the sender
      • contract affected contract
      • operationId id of the executed operation
      • callData stringified operation params ({ target, value, data })
      • delay delay of the executed operation

  • OPENZEPPELIN-TIMELOCK-CONTROLLER-2

    • Fired when a new role has been granted
    • Severity:
      • "critical" if EXECUTOR became PROPOSER or TIMELOCK_ADMIN
      • "info" if it's a normal role granting
    • Type:
      • "suspicious" if EXECUTOR became PROPOSER or TIMELOCK_ADMIN
      • "info" if it's a normal role granting
    • Metadata
      • sender the account that originated the contract call
      • account granted account address
      • contract contract address
      • grantedRole granted role name (not a hash)
      • previousRoles roles of the account without the granted one

  • OPENZEPPELIN-TIMELOCK-CONTROLLER-3

    • Fired when role has been revoked
    • Severity is always set to "medium"
    • Type is always set to "info"
    • Metadata
      • sender the account that originated the contract call
      • account revoked account address
      • contract contract address
      • revokedRole revoked role name (not a hash)
      • currentRoles all roles of the account without the revoked one

  • OPENZEPPELIN-TIMELOCK-CONTROLLER-4

    • Fired when role has been renounced
    • Severity is always set to "medium"
    • Type is always set to "info"
    • Metadata
      • account renounced account address
      • contract contract address
      • revokedRole name of renounced role

  • OPENZEPPELIN-TIMELOCK-CONTROLLER-5

    • Fired if contract address has been revoked from TIMELOCK_ADMIN role
    • Severity is always set to "high"
    • Type is always set to "suspicious"
    • Metadata
      • sender the account that originated the contract call
      • contract contract address
      • contractRoles all roles of the contract address

Test data

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages