This repository has been archived by the owner on Jul 28, 2024. It is now read-only.
Anubis - Unilateral Admin Authority with Risk of Unauthorized Transaction Execution #23
Labels
Non-Reward
This issue will not receive a payout
Anubis
high
Unilateral Admin Authority with Risk of Unauthorized Transaction Execution
Summary
The Timelock contract consolidates significant authority in the admin role, enabling the execution of crucial functions (queueTransaction, cancelTransaction, executeTransaction) without multi-party consensus. This design introduces a single point of failure and a potential vector for privilege escalation and unauthorized transaction execution.
Vulnerability Detail
The contract's current architecture grants the admin role exclusive control over sensitive functions, creating a centralization risk. Compromise of the admin's private key by an attacker, or misuse of the role, can lead to unauthorized state alterations within the system. Potential exploits include enqueuing and executing transactions that could divert funds, manipulate governance decisions, or compromise the integrity of the governed protocols.
Impact
Compromise of the admin role poses severe threats, including but not limited to:
Code Snippet
https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/Timelock.sol#L108
https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/Timelock.sol#L125
https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/Timelock.sol#L140
Tool used
Manual Review
Recommendation
Mitigate the centralization risk by implementing a multi-signature or a decentralized governance model for pivotal actions. Introduce mechanisms such as timelocks or multi-step confirmations to ensure that no single party can unilaterally enact significant changes.
Code Snippet for Fix:
By requiring multiple confirmations from distinct governance participants, the system can ensure that no single entity has unilateral control over critical actions, thereby preventing unauthorized transactions and enhancing the overall security of the system.
Duplicate of #22
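The multi-confirmation control described in the Recommendation, sketched as an added example: this is not the reporter's fix and not code from Timelock.sol. The contract name `ConfirmationGate` and every identifier in it are hypothetical, and the sketch assumes a fixed signer set chosen at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: M-of-N confirmation plus a delay before execution.
// All names here are hypothetical and do not come from Timelock.sol.
contract ConfirmationGate {
    mapping(address => bool) public isSigner;
    uint256 public immutable threshold; // confirmations required (M)
    uint256 public immutable delay;     // seconds between first confirmation and execution
    struct Proposal { uint256 eta; uint256 confirmations; bool executed; }
    mapping(bytes32 => Proposal) public proposals;
    mapping(bytes32 => mapping(address => bool)) public confirmedBy;
    modifier onlySigner() {
        require(isSigner[msg.sender], "not signer");
        _;
    }
    constructor(address[] memory signers, uint256 threshold_, uint256 delay_) {
        // A threshold of 1 would recreate the single-admin design.
        require(threshold_ > 1 && threshold_ <= signers.length, "bad threshold");
        for (uint256 i = 0; i < signers.length; i++) {
            require(signers[i] != address(0) && !isSigner[signers[i]], "bad signer");
            isSigner[signers[i]] = true;
        }
        threshold = threshold_;
        delay = delay_;
    }

    function txId(address target, uint256 value, bytes calldata data, uint256 nonce) public pure returns (bytes32) {
        return keccak256(abi.encode(target, value, data, nonce));
    }

    // Each distinct signer confirms at most once; the first confirmation starts the delay.
    function confirm(bytes32 id) external onlySigner {
        Proposal storage p = proposals[id];
        require(!p.executed && !confirmedBy[id][msg.sender], "executed or already confirmed");
        if (p.eta == 0) p.eta = block.timestamp + delay;
        confirmedBy[id][msg.sender] = true;
        p.confirmations++;
    }

    function execute(address target, uint256 value, bytes calldata data, uint256 nonce) external payable onlySigner {
        bytes32 id = txId(target, value, data, nonce);
        Proposal storage p = proposals[id];
        require(p.confirmations >= threshold && block.timestamp >= p.eta, "not ready");
        require(!p.executed, "already executed");
        p.executed = true; // mark before the external call so a reentrant call cannot replay it
        (bool ok, ) = target.call{value: value}(data);
        require(ok, "call reverted");
    }
}
```

The confirmation is bound to the hash of the full call (target, value, calldata, nonce), so signers approve one exact transaction and a single compromised key can neither alter it nor execute it alone.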