Owner has broad privileges including ability to upgrade contracts and drain funds
Summary
The owner of the core SDL Pool contracts like SDLPoolPrimary.sol and SDLPoolCCIPControllerPrimary.sol has the ability to:
Upgrade contracts using OpenZeppelin's proxy pattern
Modify critical parameters like max lock duration
Recover any tokens from the contracts
This results in a centralized single point of failure.
Vulnerability Details
If the owner address is compromised, the attacker could steal funds, modify parameters to their benefit, or sabotage operations by upgrading the contracts.
Some specific exploits:
Drain all SDL rewards using
recoverTokensSet max lock duration to 0 to disable locking
Upgrade to a malicious contract and steal staked funds
Impact
Given the owner is currently a multisig wallet, the likelihood of compromise is low. However, accidents or unintended consequences of upgrades are still possible even without malice.
Tools Used
Manual Review
Recommendations
Adding decentralized governance, limiting privileges, and building robust emergency controls would help mitigate the issues.
Implementing a DAO/timelock for ownership rather than a multisig
Limiting the owner's abilities to only necessary functionality
Adopting a pause function that freezes sensitive functionality in emergencies
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.