Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Invalid

Missing Two-Step Verification in Ownership Transfer Leading to Potential Financial Loss

Summary

The Adminable::transferAdmin function does not implement a two-step ownership change. If the current owner mistakenly transfers ownership to an incorrect address, they lose the ability to call SablierV2MerkleLockup::clawback to rescue funds from a misconfigured campaign, to mention one potential case.

Vulnerability Details

For example, when an airstream campaign is launched, the current owner may call Adminable::transferAdmin to change ownership:

function transferAdmin(address newAdmin) public virtual override onlyAdmin {
    // Effect: update the admin.
@>  admin = newAdmin;
    // Log the transfer of the admin.
    emit IAdminable.TransferAdmin({ oldAdmin: msg.sender, newAdmin: newAdmin });
}

The effect is immediate and does not check if the address is zero or inactive. If the owner mishandles this change, they lose the ability to call the SablierV2MerkleLockup::clawback function, which allows them to rescue funds until the grace period ends.

@> function clawback(address to, uint128 amount) external override onlyAdmin {
    // Check: current timestamp is over the grace period and the campaign has not expired.
    if (_hasGracePeriodPassed() && !hasExpired()) {
        revert Errors.SablierV2MerkleLockup_ClawbackNotAllowed({
            blockTimestamp: block.timestamp,
            expiration: EXPIRATION,
            firstClaimTime: _firstClaimTime
        });
    }
    // Effect: transfer the tokens to the provided address.
    ASSET.safeTransfer(to, amount);
    // Log the clawback.
    emit Clawback(admin, to, amount);
}

Rescuing the funds before the expiration or during the grace period allows the owner to correct any misconfigurations and redeploy the campaign.

Impact

The airstream creators may lose the ability to claw back funds. Additionally, the SablierV2Lockup::setNFTDescriptor function can be affected as well.

Tools Used

  • Manual code review

Recommendations

Implement a two-step process, similar to OpenZeppelin's Ownable2Step with its transferOwnership and acceptOwnership functions, in which the current admin nominates an account and the nominated account must accept for the transfer of admin to fully succeed. This ensures the nominated account is a valid and active address.
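
A sketch of the two-step handover recommended above, as an added example that is not Sablier's Adminable code or part of the original submission. The contract name, `pendingAdmin`, `acceptAdmin`, `AdminTransferStarted` and the custom errors are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration of a two-step admin handover; not Sablier's Adminable.
/// `pendingAdmin`, `acceptAdmin` and the events/errors below are hypothetical names.
abstract contract TwoStepAdminable {
    address public admin;
    address public pendingAdmin;

    event AdminTransferStarted(address indexed currentAdmin, address indexed nominee);
    event TransferAdmin(address indexed oldAdmin, address indexed newAdmin);

    error CallerNotAdmin(address admin, address caller);
    error CallerNotPendingAdmin(address pendingAdmin, address caller);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert CallerNotAdmin(admin, msg.sender);
        _;
    }

    constructor(address initialAdmin) {
        admin = initialAdmin;
        emit TransferAdmin(address(0), initialAdmin);
    }

    /// Step 1: nominate. `admin` is unchanged, so onlyAdmin functions such as
    /// clawback stay callable by the current admin. Calling again overwrites a
    /// mistaken nomination; passing address(0) cancels it.
    function transferAdmin(address newAdmin) public virtual onlyAdmin {
        pendingAdmin = newAdmin;
        emit AdminTransferStarted(admin, newAdmin);
    }

    /// Step 2: only the nominee can complete the handover, which proves the
    /// address is controlled by someone able to send transactions.
    function acceptAdmin() public virtual {
        if (msg.sender != pendingAdmin) revert CallerNotPendingAdmin(pendingAdmin, msg.sender);
        address oldAdmin = admin;
        admin = msg.sender;
        delete pendingAdmin;
        emit TransferAdmin(oldAdmin, msg.sender);
    }
}
```

Because `msg.sender` can never be the zero address, this pattern cannot hand the admin role to `address(0)`; deliberately renouncing the role would need a separate, explicit function.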

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Info/Gas/Invalid as per Docs

https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
