Submission Details
Severity: high
Invalid

Denial of Service preventing Laundrette actions

Summary

There is a function which allows the kernel admin to be reset to the kernel executor address. This is as per the requirements. However, the requirements also state that only the GodFather should be able to do this. This function is callable by anyone. Even though the GodFather is the only one who will be set to the admin, this has crippling effects on the policies (Laundrette in this case).

Vulnerability Details

The function to reset the admin of the kernel to the executor is external with no permission checks outside the Default framework. This means any disgruntled gang member, or even any member of the law-abiding public, is able to call this function and reset the admin to the executor. This means that the GodFather, and the GodFather alone, has to manually go on chain and reset the whole sorry mess to allow the Laundrette to get back to business. I can't imagine a mob boss being particularly effective if he is spending his entire time trying to set the admin back to the Laundrette contract every few seconds.

Impact

If someone was so inclined, they could set up an account or contract with a bit of base currency to pay the gas and simply call the retrieveAdmin function constantly. This would in effect cripple the entire gun-sharing, gangster chain model.

Tools Used

To fix, the GodFather would need to do low-level kernel calls directly. You don't see that level of day-job detail in the movies.

// The GodFather calls this directly on the kernel to point the admin back at the Laundrette policy
kernel.executeAction(Actions.ChangeAdmin, address(laundrette));

Recommendations

Ensure the function can only be called by the GodFather to save their sanity and the whole criminal enterprise.

- function retrieveAdmin() external {
+ function retrieveAdmin() external isGodFather {
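Review bot: the isGodFather modifier added on the "+ function retrieveAdmin() external isGodFather {" line is not defined or referenced anywhere else in the submission, and the hunk carries no file path or surrounding context, so the recommendation cannot be applied as written. State where the modifier comes from (an existing check on the policy, or a new one that compares msg.sender against the stored GodFather address) and name the contract and line the hunk targets. Since the judge invalidated the report for an incorrect statement, also re-verify against the actual contract that retrieveAdmin() carries no caller check before the guard is added.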
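To make the access-control difference the recommendation is asking for concrete, here is a constructed Foundry example. It is not the challenge's Kernel or Laundrette code: the real Default kernel is only visible on this page as kernel.executeAction(Actions.ChangeAdmin, ...), so the IKernel interface, MockKernel, the two policy contracts, the onlyGodFather modifier name and all addresses below are assumptions made for illustration. The tests show that an arbitrary caller can move the admin on the unguarded shape, is reverted by the guarded shape, and that the GodFather keeps the ability.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed example, not the challenge's Kernel/Policy code. IKernel and
// MockKernel are a hypothetical stand-in with just enough surface to show
// the caller check; the real kernel API is not shown on the page.
interface IKernel {
    function executor() external view returns (address);
    function changeAdmin(address newAdmin) external;
}

contract MockKernel is IKernel {
    address public admin;
    address private immutable _executor;

    constructor(address initialAdmin, address executor_) {
        admin = initialAdmin;
        _executor = executor_;
    }

    function executor() external view returns (address) { return _executor; }

    // Deliberately open: the guard under test lives in the policy, not here.
    function changeAdmin(address newAdmin) external { admin = newAdmin; }
}

// Shape the report describes: no caller check at all.
contract UnguardedPolicy {
    IKernel public immutable kernel;

    constructor(IKernel kernel_) { kernel = kernel_; }

    function retrieveAdmin() external {
        kernel.changeAdmin(kernel.executor());
    }
}

// Shape the recommendation asks for: only the configured GodFather may call.
// (The page calls the modifier isGodFather; onlyGodFather is an assumed name.)
contract GuardedPolicy {
    IKernel public immutable kernel;
    address public immutable godFather;

    error NotGodFather(address caller);

    constructor(IKernel kernel_, address godFather_) {
        kernel = kernel_;
        godFather = godFather_;
    }

    modifier onlyGodFather() {
        if (msg.sender != godFather) revert NotGodFather(msg.sender);
        _;
    }

    function retrieveAdmin() external onlyGodFather {
        kernel.changeAdmin(kernel.executor());
    }
}

// Foundry tests over the two shapes. All addresses are constructed values.
contract RetrieveAdminTest is Test {
    address internal constant GODFATHER = address(0xA11CE);
    address internal constant EXECUTOR = address(0xE0);
    address internal constant STRANGER = address(0xBAD);
    address internal constant LAUNDRETTE = address(0x1A0);

    MockKernel internal kernel;
    UnguardedPolicy internal unguarded;
    GuardedPolicy internal guarded;

    function setUp() public {
        kernel = new MockKernel(LAUNDRETTE, EXECUTOR);
        unguarded = new UnguardedPolicy(kernel);
        guarded = new GuardedPolicy(kernel, GODFATHER);
    }

    // Unguarded: any address moves the admin away from the Laundrette.
    function test_StrangerResetsAdminOnUnguardedPolicy() public {
        vm.prank(STRANGER);
        unguarded.retrieveAdmin();
        assertEq(kernel.admin(), EXECUTOR);
    }

    // Guarded: the same call reverts with the caller in the error, admin unchanged.
    function test_StrangerRevertsOnGuardedPolicy() public {
        vm.prank(STRANGER);
        vm.expectRevert(abi.encodeWithSelector(GuardedPolicy.NotGodFather.selector, STRANGER));
        guarded.retrieveAdmin();
        assertEq(kernel.admin(), LAUNDRETTE);
    }

    // Guarded: the GodFather retains the reset capability.
    function test_GodFatherResetsAdminOnGuardedPolicy() public {
        vm.prank(GODFATHER);
        guarded.retrieveAdmin();
        assertEq(kernel.admin(), EXECUTOR);
    }
}
```

Run with forge test from a project that has forge-std installed. The custom error carries the rejected caller so a revert in production logs names the account that tried, which is the detection signal a defender wants when checking whether anyone is hammering the reset path.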

Updates

Lead Judging Commences

n0kto (Lead Judge), over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
