stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: low
Invalid

Owner has broad privileges including ability to upgrade contracts and drain funds

Summary

The owner of the core SDL Pool contracts like SDLPoolPrimary.sol and SDLPoolCCIPControllerPrimary.sol has the ability to:

  • Upgrade contracts using OpenZeppelin's proxy pattern

  • Modify critical parameters like max lock duration

  • Recover any tokens from the contracts

This results in a centralized single point of failure.

Vulnerability Details

If the owner address is compromised, the attacker could steal funds, modify parameters to their benefit, or sabotage operations by upgrading the contracts.

Some specific exploits:

  1. Drain all SDL rewards using recoverTokens

  2. Set max lock duration to 0 to disable locking

  3. Upgrade to a malicious contract and steal staked funds

Impact

Given the owner is currently a multisig wallet, the likelihood of compromise is low. However, accidents or unintended consequences of upgrades are still possible even without malice.

Tools Used

Manual Review

Recommendations

Adding decentralized governance, limiting privileges, and building robust emergency controls would help mitigate the issues.

  1. Implementing a DAO/timelock for ownership rather than a multisig

  2. Limiting the owner's abilities to only necessary functionality

  3. Adopting a pause function that freezes sensitive functionality in emergencies
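
Recommendations 1 and 2 as an added Solidity example (not from the submission or the stake.link code base): an owner-controlled parameter change that only takes effect after a timelock-style delay, and a token recovery function that refuses the staked asset. The contract name, every function name other than recoverTokens, the 2-day delay and the storage layout are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;
// Added illustration; names are hypothetical, not taken from the audited contracts.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract GuardedPoolAdmin {
    uint256 public constant DELAY = 2 days; // assumed review window for users
    address public immutable owner;         // intended to be a multisig or governance contract
    address public immutable stakedToken;   // asset users lock; the owner can never recover it
    uint64 public maxLockingDuration;
    uint64 public pendingDuration;
    uint256 public pendingEta;              // 0 means no change is queued

    event DurationQueued(uint64 duration, uint256 eta);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address _owner, address _stakedToken, uint64 _initialDuration) {
        owner = _owner;
        stakedToken = _stakedToken;
        maxLockingDuration = _initialDuration;
    }

    // Step 1: announce the change on-chain so users and monitors can react before it applies.
    function queueMaxLockingDuration(uint64 _duration) external onlyOwner {
        require(_duration > 0, "zero duration"); // setting 0 would disable locking
        pendingDuration = _duration;
        pendingEta = block.timestamp + DELAY;
        emit DurationQueued(_duration, pendingEta);
    }

    // Step 2: the queued value can be applied only once the delay has elapsed.
    function applyMaxLockingDuration() external onlyOwner {
        require(pendingEta != 0 && block.timestamp >= pendingEta, "not ready");
        maxLockingDuration = pendingDuration;
        pendingEta = 0;
    }

    // Recovery is limited to tokens sent by mistake; the staked asset is excluded.
    function recoverTokens(address _token, uint256 _amount) external onlyOwner {
        require(_token != stakedToken, "staked token");
        require(IERC20(_token).transfer(owner, _amount), "transfer failed");
    }
}
```

The `DurationQueued` event gives off-chain monitoring a signal to alert on during the delay window. An upgradeable deployment would also need the upgrade path itself placed behind the same delay.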

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
