According to the documentation, the Laundrette contract has a function that permits the godfather to retrieve the admin role when needed. However, when the godfather calls Laundrette::retrieveAdmin, the function reverts with the error Kernel_OnlyExecutor, because the Admin (in this case the Laundrette contract) is not allowed to perform this action directly.
This is not really a vulnerability but an implementation error that causes confusion and makes the function revert.
Paste the following code into the Laundrette.t.sol file, then run the test:
The function Laundrette::retrieveAdmin is useless and will always fail. It makes the code harder to read, bloats the contract, and makes the protocol harder to use, because the godfather account might expect that it can call this function to retrieve the admin role.
forge test
Remove the function from the Laundrette contract, because the executor (in this case the godfather) should call Kernel::kernel.executeAction directly. The Laundrette contract, acting as the Admin, doesn't have permission to perform this call.
Optional: The protocol can implement a script that calls Kernel::kernel.executeAction with the godfather's private key as signer, to make this action easier to handle.
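The revert and the recommended direct call can be reproduced on a reduced model. The following Foundry test is an added example, not the protocol's code or the test from the original submission: KernelModel, LaundretteModel, the Actions enum and the test names are simplified stand-ins that model only the executor check, while retrieveAdmin, executeAction and Kernel_OnlyExecutor are named as in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Simplified stand-ins (assumed, not the protocol's contracts): only the
// access-control path behind retrieveAdmin is modelled.
enum Actions { ChangeExecutor, ChangeAdmin }

contract KernelModel {
    error Kernel_OnlyExecutor(address caller_);
    address public executor = msg.sender;
    address public admin = msg.sender;
    function executeAction(Actions action_, address target_) external {
        // msg.sender is the immediate caller, i.e. a relaying contract, not the signer.
        if (msg.sender != executor) revert Kernel_OnlyExecutor(msg.sender);
        if (action_ == Actions.ChangeAdmin) admin = target_;
    }
}

contract LaundretteModel {
    KernelModel public immutable kernel;
    constructor(KernelModel kernel_) { kernel = kernel_; }
    // Wrapper as described in the finding: the kernel sees this contract as caller.
    function retrieveAdmin() external {
        kernel.executeAction(Actions.ChangeAdmin, kernel.executor());
    }
}

contract RetrieveAdminModelTest is Test {
    address godfather = address(0xB0B); // constructed test address
    KernelModel kernel;
    LaundretteModel laundrette;
    function setUp() public {
        vm.startPrank(godfather);
        kernel = new KernelModel(); // godfather becomes executor and admin
        laundrette = new LaundretteModel(kernel);
        kernel.executeAction(Actions.ChangeAdmin, address(laundrette));
        vm.stopPrank();
    }

    function test_wrapperRevertsButDirectCallSucceeds() public {
        vm.startPrank(godfather);
        vm.expectRevert(abi.encodeWithSelector(
            KernelModel.Kernel_OnlyExecutor.selector, address(laundrette)));
        laundrette.retrieveAdmin(); // kernel's caller is the Laundrette model
        kernel.executeAction(Actions.ChangeAdmin, godfather); // direct executor call
        vm.stopPrank();
        assertEq(kernel.admin(), godfather);
    }
}
```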