Submission Details
Severity: medium
Invalid

Policy can be activated multiple times

Summary

Checking policy_.isActive() is not enough validation; a policy could have functionality to return isActive as false.

Vulnerability Details

The check at the beginning of _activatePolicy is not enough, since a policy could return isActive as false and then proceed to be registered as a duplicate.

Impact

_deactivatePolicy() would no longer work correctly; a duplicate policy would still be active.

Tools Used

Foundry tests:

test/mocks/MockPolicy2.sol

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import { Policy, Kernel } from "src/Kernel.sol";

// Mock policy that can clear its own isActive flag without going through the Kernel.
contract MockPolicy2 is Policy {
    constructor(Kernel kernel_) Policy(kernel_) { }

    function deactivate() public {
        isActive = false;
    }
}

test/SomeTestFile.sol

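function testShouldNotActivatePolicy() public {
    vm.startPrank(godFather);
    MockPolicy2 mockPolicy = new MockPolicy2(kernel);
    // First activation registers the policy.
    kernel.executeAction(Actions.ActivatePolicy, address(mockPolicy));
    // The policy resets its own flag, so policy_.isActive() reads false again.
    mockPolicy.deactivate();
    // Same address again; per the submission it is registered a second time.
    kernel.executeAction(Actions.ActivatePolicy, address(mockPolicy));
    vm.stopPrank();
}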

Recommendations

Have checks in place to verify if the policy is already active by checking if getPolicyIndex[policy_] != 0.
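
A registry-side duplicate check that does not depend on the policy's self-reported flag, as an added example that is not part of the submission or the contest code: `PolicyRegistry`, `IPolicyLike`, `slotOf` and `setActiveStatus` are assumed names, and access control is left out. It stores the array position plus one, so a zero mapping value can only mean "not registered".

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration: a stripped-down registry, not the contest's Kernel.sol.
// IPolicyLike, PolicyRegistry, slotOf and setActiveStatus are hypothetical names.
interface IPolicyLike {
    function setActiveStatus(bool active_) external;
}

contract PolicyRegistry {
    error PolicyAlreadyActivated(address policy);
    error PolicyNotActivated(address policy);

    address[] public activePolicies;
    // Position in activePolicies plus one. Unknown keys read as 0 in a
    // mapping, so 0 can only mean "not registered".
    mapping(address => uint256) public slotOf;

    function activate(address policy_) external {
        // Membership comes from the registry's own storage, so a policy that
        // resets its own flag cannot be appended a second time.
        if (slotOf[policy_] != 0) revert PolicyAlreadyActivated(policy_);
        activePolicies.push(policy_);
        slotOf[policy_] = activePolicies.length;
        IPolicyLike(policy_).setActiveStatus(true);
    }

    function deactivate(address policy_) external {
        uint256 slot = slotOf[policy_];
        if (slot == 0) revert PolicyNotActivated(policy_);
        // Swap-and-pop: move the last entry into the freed position.
        address last = activePolicies[activePolicies.length - 1];
        activePolicies[slot - 1] = last;
        slotOf[last] = slot;
        activePolicies.pop();
        delete slotOf[policy_];
        IPolicyLike(policy_).setActiveStatus(false);
    }

    function activeCount() external view returns (uint256) {
        return activePolicies.length;
    }
}
```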

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope