TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

Old addresses are still whitelisted after they are changed.

Vulnerability details

function setTeamGnosis(address _gnosis) external override onlyElevatedAccess {
    templeGold.setTeamGnosis(_gnosis);
}

After the new address is set using the setter function, the old address is still whitelisted.

function setTeamGnosis(address _gnosis) external override onlyOwner {
    if (_gnosis == address(0)) {
        revert CommonEventsAndErrors.InvalidAddress();
    }
    teamGnosis = _gnosis;
    emit TeamGnosisSet(_gnosis);
}

Impact

In some scenarios it will create security threats, as the private key of the changed address could have been exposed. Sometimes whitelisted addresses will lead to a changed flow of the transaction, which can cause some problems.

Recommended Mitigation Steps

Remove the previous address from the whitelist in the same function call.

Example pseudocode:

function setTeamGnosis(address _gnosis) external override onlyElevatedAccess {
+ address previousAddress = templeGold.teamGnosis();
+ templeGold.authorizeContract(_contpreviousAddressract, false);
templeGold.setTeamGnosis(_gnosis);
}
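
Review bot: the second added line passes `_contpreviousAddressract`, which is not declared anywhere in the function; the value read on the line above is `previousAddress`, so the call should read `templeGold.authorizeContract(previousAddress, false);`. Separately, the token's `setTeamGnosis` shown above only assigns `teamGnosis` and emits `TeamGnosisSet`, so the report should point to where the old address is actually added to the whitelist that `authorizeContract(..., false)` is meant to clear.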

Change other setter functions.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Old addresses are still whitelisted after they are changed.
