keccak123
medium
The admin for the SystemDictatorProxy contract is an EOA address on Goerli, which is insecure and inconsistent compared to other contracts. Every other L1 contract with a proxy has a proxy admin value of the ProxyAdmin contract. SystemDictatorProxy is inconsistent and an EOA proxy admin introduces weakness into the system.
The SystemDictatorProxy contract is 0x1f0613A44c9a8ECE7B3A2e0CdBdF0F5B47A50971 according to the Optimism website. Etherscan confirms this is a proxy contract. The admin for the proxy at the current block is found with
cast call --block 8397940 0x1f0613A44c9a8ECE7B3A2e0CdBdF0F5B47A50971 "admin()(address)" --rpc-url https://rpc.ankr.com/eth_goerli
0x956a5152D0f498dBA0c5966577bb44262F8F7078Etherscan tells us this is an EOA address with no contract. This contract is an important contract in migrating the Optimism core contracts which should not be owned by an EOA.
For comparison, the admin of every Optimism Goerli precompile proxy is 0x4200000000000000000000000000000000000018, which is the proxy admin. And the other contracts listed on https://community.optimism.io/docs/developers/bedrock/public-testnets/#goerli have an admin proxy value of 0x01d3670863c3F4b24D7b107900f0b75d4BbC6e0d, which is the proxy admin. Introducing another address as a proxy admin for a core contract, especially an EOA, adds a weakness into the system because proxy contracts can be upgraded by the proxy admin to new contract code. This inconsistency of introducing another address as a proxy admin for SystemDictatorProxy is confirmed by the constructor argument choice in contracts-bedrock/deployments/.
EOAs are not as secure as multisigs and should never be the owners or admins of critical components of a protocol. Private key compromise is a common attack vector for hackers and an EOA is an easier target. A proxy admin address has the additional ability to upgrade the proxy and change the code.
The deployment data showing SystemDictatorProxy does not use the same _admin argument in the constructor as the other proxy contracts
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/deployments/goerli/SystemDictatorProxy.json#L161-L163
The Proxy contract used for SystemDictatorProxy is the same as the other Optimism proxy contracts https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/universal/Proxy.sol
Manual Review
Make the proxy admin contract 0x01d3670863c3F4b24D7b107900f0b75d4BbC6e0d the admin of the SystemDictatorProxy proxy to maintain a consistent security posture across all contracts in Optimism.