Submission Details
Severity: medium
Invalid

Potential DoS in `Laundrette::receiveAdmin`

Summary

Potential DoS in `Laundrette::receiveAdmin`, as everybody can call the function, change the admin, and prevent the `Laundrette` contract from calling some of the methods with the `onlyAdmin` modifier.

Vulnerability Details

Malicious users can keep calling `Laundrette::receiveAdmin`, even after the godfather has brought back the admin rights to the `Laundrette` contract via `Kernel::executeAction`. This loop could last forever and make the methods described in the Impact section below basically unusable. There is even potential for a bot to be made that checks for transactions that try to change the `Kernel` admin back to the `Laundrette` contract and, after such a transaction is executed, executes `Laundrette::receiveAdmin` as well.

Impact

`Laundrette::addToTheGang` and `Laundrette::quitTheGang` will always revert, as they call the `Kernel.sol` methods which have the `onlyAdmin` modifier and the new admin will be the godfather, not the `Laundrette` contract.

Tools Used

Manual Review

Recommendations

Add the `isGodFather` modifier, so that only the godfather can call that method.

+ function retrieveAdmin() external isGodFather {
kernel.executeAction(Actions.ChangeAdmin, kernel.executor());
}
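
Review bot: the `+` line declares `retrieveAdmin`, while the title, Summary and Vulnerability Details all name `Laundrette::receiveAdmin`; use one name throughout so it is clear which function gets the modifier. The snippet also marks only the signature with `+` and shows no `-` line, so the access control being replaced is not visible; include the original signature, and say where `isGodFather` is defined.
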
Updates

Lead Judging Commences

n0kto Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
