TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

Privileged role change in SpiceAuction::setDaoExecutor doesn't implement a two-step mechanism, potentially leading to loss of admin functionalities

Summary

SpiceAuction::setDaoExecutor doesn't implement a two-step mechanism, potentially leading to loss of admin functionalities when an uncontrolled address is set.

Vulnerability Details

If an uncontrolled address is set via SpiceAuction::setDaoExecutor, then all admin functionality in the contract will be lost, because there is no way to recover or reset this address:

    function setDaoExecutor(address _daoExecutor) external onlyDAOExecutor {
        if (_daoExecutor == address(0)) { revert CommonEventsAndErrors.InvalidAddress(); }
        daoExecutor = _daoExecutor;
        emit DaoExecutorSet(_daoExecutor);
    }

Impact

High, because if an uncontrolled wallet is set, then contract admin functionality is lost.
However, attack complexity is High.

Tools Used

Manual Review

Recommendations

Implement a two-step set/claim mechanism for this privileged role:

    function proposeDaoExecutor(address _daoExecutor) external onlyDAOExecutor {
        if (_daoExecutor == address(0)) { revert CommonEventsAndErrors.InvalidAddress(); }
        // Record the candidate only; daoExecutor is unchanged until the candidate claims the role.
        proposedExecutor = _daoExecutor; // new state variable holding the pending executor
    }

    function claimDaoExecutor() external {
        // Only the proposed address can complete the handover, which proves it is controlled.
        require(msg.sender == proposedExecutor);
        daoExecutor = proposedExecutor;
        emit DaoExecutorSet(proposedExecutor);
    }

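
As an added example (not part of the submission or of TempleDAO's code), the Foundry test below exercises a two-step handover on a hypothetical minimal contract and shows that a proposal to a wrong address can be overwritten before anyone claims it. The contract name TwoStepExecutor, the NotAuthorized error, the DaoExecutorProposed event and the test addresses are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical minimal contract, not SpiceAuction: it isolates the two-step handover only.
contract TwoStepExecutor {
    address public daoExecutor;
    address public proposedExecutor;
    error InvalidAddress();
    error NotAuthorized();
    event DaoExecutorProposed(address indexed proposed);
    event DaoExecutorSet(address indexed executor);

    constructor(address _daoExecutor) { daoExecutor = _daoExecutor; }

    function proposeDaoExecutor(address _proposed) external {
        if (msg.sender != daoExecutor) revert NotAuthorized();
        if (_proposed == address(0)) revert InvalidAddress();
        proposedExecutor = _proposed; // the current executor keeps control
        emit DaoExecutorProposed(_proposed);
    }

    function claimDaoExecutor() external {
        if (msg.sender != proposedExecutor) revert NotAuthorized();
        daoExecutor = msg.sender;     // handover completes only here
        delete proposedExecutor;
        emit DaoExecutorSet(msg.sender);
    }
}

contract TwoStepExecutorTest is Test {
    address dao = makeAddr("dao");
    address typo = makeAddr("typo"); // constructed: stands for an address nobody controls
    address next = makeAddr("next");
    TwoStepExecutor target;

    function setUp() public { target = new TwoStepExecutor(dao); }

    function test_wrongProposalIsRecoverable() public {
        vm.prank(dao);
        target.proposeDaoExecutor(typo);
        assertEq(target.daoExecutor(), dao); // admin rights are not lost by the mistake
        vm.prank(dao);
        target.proposeDaoExecutor(next);     // overwrite the wrong proposal
        vm.prank(next);
        target.claimDaoExecutor();
        assertEq(target.daoExecutor(), next);
        assertEq(target.proposedExecutor(), address(0));
    }
}
```
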
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
