First Flight #16: Mafia Takedown
First Flight #16
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

If Policy is not registered in kernel, policy at index zero gets deactivated

octeezy

Summary

Policy that incorrectly returns active status can cause policy at inndex zero to get deleted.

Vulnerability Details

If a policy that has it's isActive value set to true without going through _activatePolicy then it hasnt been registered in the getPolicyIndex mapping, so in line 289 when it tries to read the getPolicyIndex value for policy_ it will return zero, therefore the policy at index zero will be the one getting deactivated.

Impact

MEDIUM - policy at index zero can be deleted

Tools Used

Foundry tests:

test/mocks/MockPolicy.sol

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;
import { Policy, Kernel } from "src/Kernel.sol";
contract MockPolicy is Policy {
constructor(Kernel kernel_) Policy(kernel_) {
isActive = true;
}
}

test/SomeTestFile.sol

function testShouldNotDeactivatePolicy() public {
vm.startPrank(godFather);
MockPolicy mockPolicy = new MockPolicy(kernel);
vm.expectRevert();
kernel.executeAction(Actions.DeactivatePolicy, address(mockPolicy));
vm.stopPrank();
}

Recommendations

Check that activePolicies[idx] is equal to the policy that is being passed to the _deactivatePolicy function.

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.