First Flight #16: Mafia Takedown
First Flight #16
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

[L-1] `Laundrette::retrieveAdmin` function will always revert.

Keyword

Description: The Laundrette::retrieveAdmin function is misconfigured. Instead of reading the value of the public admin address from the Kernel contract, the function calls the Kernel::executeAction function and attempts to change the admin address with the executor's address. The Kernel::executeAction function is guarded by an onlyExecutor modifier. Because msg.sender in the context of the Kernel contract will be the Laundrette contract and not the kernel.executor() address, this function will always revert.

Impact: Users can not read the value of the kernel.admin() address by calling this function.

Proof of Concepts: Insert the code below in the Laundrette.t.sol file.

function test_retrieveAdmin() public {
address alice = makeAddr("alice");
vm.prank(alice);
vm.expectRevert();
laundrette.retrieveAdmin();
}

Recommended mitigation: Change the function by following the code sample below

- function retrieveAdmin() external {
- kernel.executeAction(Actions.ChangeAdmin, kernel.executor());
+ function retrieveAdmin() external view returns (address) {
+ return kernel.admin();
}
Updates

Lead Judging Commences

n0kto Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`retrieveAdmin` not working

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.