DeFiFoundry
60,000 USDC
Submission Details
Severity: high
Invalid

Centralization risks related to the 'onlyOwner' modifier and the 'owner' address

Summary

The 'mint' function is restricted to the contract owner, which centralizes minting authority in a single address. This is a risk because the same owner can also transfer ownership to any other address: if the owner key is compromised or the owner acts maliciously, minting authority can be handed to an attacker and abused.

Vulnerability Details

Code snippet: 2024-07-zaros/src/account-nft/AccountNFT.sol Lines: 1 - 30

I tried to construct an attack scenario and a test contract to exploit the centralization risk for trusted owners in the original AccountNFT contract:

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.25;

import "forge-std/Test.sol";
// Path corrected to match the file location given above (src/account-nft/AccountNFT.sol).
import "../src/account-nft/AccountNFT.sol";

contract AccountNFTTest is Test {
    AccountNFT accountNFT;
    address owner = address(0x123);
    address newOwner = address(0x456);
    address maliciousActor = address(0x789);

    function setUp() public {
        // Deploy with `owner` as the initial Ownable owner, who alone may call `mint`.
        accountNFT = new AccountNFT("TestNFT", "TNFT", owner);
    }

    function testMintByOwner() public {
        // Baseline: the legitimate owner can mint.
        vm.prank(owner);
        accountNFT.mint(address(0xABC), 1);
        assertEq(accountNFT.ownerOf(1), address(0xABC));
    }

    function testTransferOwnershipAndMint() public {
        // Transfer ownership to a new owner
        vm.prank(owner);
        accountNFT.transferOwnership(newOwner);
        // New owner mints a new token
        vm.prank(newOwner);
        accountNFT.mint(address(0xDEF), 2);
        assertEq(accountNFT.ownerOf(2), address(0xDEF));
    }

    function testMaliciousMintAfterOwnershipTransfer() public {
        // Transfer ownership to a malicious actor (models a compromised owner key)
        vm.prank(owner);
        accountNFT.transferOwnership(maliciousActor);
        // Malicious actor mints a new token
        vm.prank(maliciousActor);
        accountNFT.mint(address(0xFED), 3);
        assertEq(accountNFT.ownerOf(3), address(0xFED));
    }
}
```

  • The attacker gains control of the original owner's private key.

  • The attacker uses the compromised key to transfer contract ownership to themselves.

  • As the new owner, the attacker mints new tokens to addresses they control.

  • The test confirms ownership of the newly minted tokens.

  • It verifies that the exploit contract's address holds the newly minted tokens by checking the owner of each token.

Impact

The ability to mint tokens at will can lead to an uncontrolled increase in the token supply, devaluing the tokens and potentially causing significant financial loss to stakeholders. Beyond that, concentrating minting rights in a single address (especially one that is compromised) undermines trust in the contract's governance and operation, and lets an attacker control token distribution and manipulate the ecosystem.

Tools Used

Manual Review

Recommendations

Designate a 'multiSigWallet' address for ownership control, so that critical actions require multiple signatures, and provide an 'updateMultiSigWallet' function that changes the multi-sig wallet address under appropriate access controls. Furthermore, we recommend implementing role-based access control and timelocks for sensitive operations.
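As an added example (not Zaros's code and not part of this submission), the following contract shows one way to realise the recommendation with OpenZeppelin v5: minting is a separate role rather than an owner privilege, and the admin role that controls minters can only change hands through OpenZeppelin's two-step transfer that takes effect after a delay. The import paths, the role names, the constructor parameters and the two-day delay are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.25;

import { ERC721 } from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import { AccessControlDefaultAdminRules } from
    "@openzeppelin/contracts/access/extensions/AccessControlDefaultAdminRules.sol";

/// Illustrative hardened variant (assumed names, not the Zaros AccountNFT).
/// - MINTER_ROLE can mint; DEFAULT_ADMIN_ROLE (held by a multisig) manages minters.
/// - DEFAULT_ADMIN_ROLE cannot be granted directly: it moves only via
///   beginDefaultAdminTransfer() -> wait ADMIN_DELAY -> acceptDefaultAdminTransfer(),
///   and the current admin may cancelDefaultAdminTransfer() in between.
contract HardenedAccountNFT is ERC721, AccessControlDefaultAdminRules {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    // Assumed delay: long enough for monitoring of the emitted
    // DefaultAdminTransferScheduled event to catch an unexpected transfer.
    uint48 public constant ADMIN_DELAY = 2 days;

    constructor(string memory name_, string memory symbol_, address multiSigAdmin, address minter)
        ERC721(name_, symbol_)
        AccessControlDefaultAdminRules(ADMIN_DELAY, multiSigAdmin)
    {
        // The admin (multisig) is set by the base constructor; only the minter is granted here.
        _grantRole(MINTER_ROLE, minter);
    }

    /// Minting no longer follows ownership: a stolen admin key cannot mint
    /// until it has granted MINTER_ROLE, which is an on-chain, observable step.
    function mint(address to, uint256 tokenId) external onlyRole(MINTER_ROLE) {
        _mint(to, tokenId);
    }

    /// Both bases implement ERC165; resolve the diamond explicitly.
    function supportsInterface(bytes4 interfaceId)
        public
        view
        override(ERC721, AccessControlDefaultAdminRules)
        returns (bool)
    {
        return super.supportsInterface(interfaceId);
    }
}
```

Compared with the submission's scenario, a compromised key can no longer transfer control and mint in one transaction: the pending transfer is visible via pendingDefaultAdmin() for the whole delay, and the multisig can cancel it.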

Updates

Lead Judging Commences

inallhonesty Lead Judge
10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
