TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

Non-Atomic Operation for Updating Staking, Escrow, and De-Authorizing in One Transaction

Summary

In TempleGold::authorizeContract, the staking and escrow contracts are mutable, allowing for changes or upgrades under specific circumstances. However, when changes are made to these contracts, the previous versions must be de-authorized from transferring any tokens to ensure funds are protected in case of a protocol attack. Failing to set and revoke authorizations atomically leaves a window for potential security breaches.

Vulnerability Details

In TempleGold::authorizeContract, an address can be authorized or unauthorized to transfer tokens:

    // Owner-only toggle: whitelists or de-whitelists a single address for token transfers.
    function authorizeContract(address _contract, bool _whitelist) external override onlyOwner {
        if (_contract == address(0)) { revert CommonEventsAndErrors.InvalidAddress(); }
        authorized[_contract] = _whitelist;
        emit ContractAuthorizationSet(_contract, _whitelist);
    }

In TempleGold, the staking and escrow contracts are the authorized callers. When these contracts are replaced, the previous staking and escrow contracts must be de-authorized from transferring tokens. Because authorizeContract toggles one address per call, the revocation of the old address and the authorization of the new one happen in separate transactions; if the protocol is under attack or being manipulated at that moment, the gap between those transactions gives an attacker time to act through the still-authorized old contract.

Impact

When the staking and escrow contracts are updated, failing to remove the corresponding authorizations simultaneously can create security vulnerabilities, leaving the system open to future attacks.

Tools Used

Manual

Recommendations

Ensure that upon changing the staking and escrow contracts, the authorizations of the previous versions are revoked atomically.
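As an added illustration of this recommendation (example code, not TempleGold's own; the setter names, the internal helper and the owner stand-in are assumptions), a setter that revokes the old address and whitelists the replacement in a single call, so no state ever has both authorized:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed example contract; not TempleGold's code. `setStaking`, `setEscrow`,
// `_rotateAuthorization` and the owner stand-in are names invented for this example.
contract AtomicAuthorizationExample {
    error InvalidAddress();
    event ContractAuthorizationSet(address indexed contractAddress, bool whitelisted);

    address public immutable owner;
    address public staking;
    address public escrow;
    mapping(address => bool) public authorized;

    constructor(address _staking, address _escrow) {
        owner = msg.sender;
        staking = _rotateAuthorization(address(0), _staking);
        escrow = _rotateAuthorization(address(0), _escrow);
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Replacing the staking contract revokes the old address and whitelists the
    // new one in the same transaction, closing the window the finding describes.
    function setStaking(address _newStaking) external onlyOwner {
        staking = _rotateAuthorization(staking, _newStaking);
    }

    function setEscrow(address _newEscrow) external onlyOwner {
        escrow = _rotateAuthorization(escrow, _newEscrow);
    }

    // Revoke `_old` (if any) then authorize `_new`; reverts on a zero replacement,
    // so a failed update leaves the old authorization untouched.
    function _rotateAuthorization(address _old, address _new) internal returns (address) {
        if (_new == address(0)) revert InvalidAddress();
        if (_old != address(0)) _setAuthorized(_old, false);
        _setAuthorized(_new, true);
        return _new;
    }

    function _setAuthorized(address _contract, bool _whitelist) internal {
        authorized[_contract] = _whitelist;
        emit ContractAuthorizationSet(_contract, _whitelist);
    }
}
```

A Foundry test for this pattern would assert, after `setStaking(newAddr)`, that `authorized(oldAddr)` is false and `authorized(newAddr)` is true within the same transaction trace.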

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Old addresses are still whitelisted after they are changed.
