The owner role is a single point of failure: a single onlyOwner key controls a few critical functions.
How the owner role is used in the project:
The owner is not behind a multisig, and owner-only changes are not behind a timelock.
Even if the protocol admins/developers are not malicious, the owner key can still be stolen. An attacker holding the key can immediately call the owner-only functions linked below and cause serious damage to the project, and users who have deposited funds into the protocol can suffer large financial losses.
A hacked or malicious owner can use these critical functions immediately, with no delay in which users could notice the change and react.
https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Beedle.sol#L36
https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L84
https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L92
https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L100
Add a timelock to critical functions. Admin-only functions that change critical parameters should emit events and be executed through a timelock.
Events capture the changed parameters so that off-chain tools and interfaces can surface pending changes during the timelock delay; users can then evaluate them and decide whether to engage or exit based on how they perceive the changes as affecting the trustworthiness of the protocol or the profitability of its financial services.
Allow only a multi-signature wallet to call these functions, so that a single stolen key is not enough to carry out an attack.
https://twitter.com/danielvf/status/1572963475101556738?s=20&t=V1kvzfJlsx-D2hfnG0OmuQ
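The two-step pattern recommended above, as an added example that is not Beedle's code: a parameter setter split into schedule/execute with a minimum delay, an event on scheduling so off-chain tooling can warn users, and an immutable owner meant to be a multisig. The contract, function and event names (TimelockedFees, scheduleLenderFee, LenderFeeScheduled, MIN_DELAY, MAX_FEE) and the example bound of 5000 basis points are assumptions for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example (not Beedle code). All names and bounds are assumptions.

// The pattern being criticised: one key, immediate effect, no announcement.
contract ImmediateFees {
    address public owner = msg.sender;
    uint256 public lenderFee;

    function setLenderFee(uint256 _fee) external {
        require(msg.sender == owner, "not owner");
        lenderFee = _fee; // takes effect in the same transaction
    }
}

// Hardened form: announce, wait, then apply; owner is expected to be a multisig.
contract TimelockedFees {
    address public immutable owner;           // deploy with a multisig address
    uint256 public constant MIN_DELAY = 2 days;
    uint256 public constant MAX_FEE = 5000;   // example bound, in basis points

    uint256 public lenderFee;
    uint256 public pendingLenderFee;
    uint256 public lenderFeeEta;              // 0 means nothing is scheduled

    event LenderFeeScheduled(uint256 currentFee, uint256 newFee, uint256 eta);
    event LenderFeeCancelled(uint256 cancelledFee);
    event LenderFeeUpdated(uint256 oldFee, uint256 newFee);

    error NotOwner();
    error FeeTooHigh();
    error NothingScheduled();
    error TimelockNotExpired(uint256 eta);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address multisig, uint256 initialFee) {
        owner = multisig;
        lenderFee = initialFee;
    }

    // Step 1: the owner announces the change. Nothing takes effect yet; the
    // event gives users and monitoring tools MIN_DELAY to evaluate or exit.
    function scheduleLenderFee(uint256 newFee) external onlyOwner {
        if (newFee > MAX_FEE) revert FeeTooHigh();
        pendingLenderFee = newFee;
        lenderFeeEta = block.timestamp + MIN_DELAY;
        emit LenderFeeScheduled(lenderFee, newFee, lenderFeeEta);
    }

    // A pending change can be aborted before it lands, for example when a
    // scheduling transaction turns out to have come from a stolen key.
    function cancelLenderFee() external onlyOwner {
        if (lenderFeeEta == 0) revert NothingScheduled();
        emit LenderFeeCancelled(pendingLenderFee);
        delete pendingLenderFee;
        delete lenderFeeEta;
    }

    // Step 2: anyone may execute once the delay has elapsed. Only the value
    // that was announced can be applied, so there is no surprise at execution.
    function executeLenderFee() external {
        uint256 eta = lenderFeeEta;
        if (eta == 0) revert NothingScheduled();
        if (block.timestamp < eta) revert TimelockNotExpired(eta);
        uint256 old = lenderFee;
        lenderFee = pendingLenderFee;
        delete pendingLenderFee;
        delete lenderFeeEta;
        emit LenderFeeUpdated(old, lenderFee);
    }
}
```

The same schedule/cancel/execute shape applies to any other owner-only setter (fee receiver, token minting); in practice a protocol would route all of them through one shared timelock contract rather than duplicating the state per parameter.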