DeFiFoundry
60,000 USDC
Submission Details
Severity: high
Invalid

Critical Lack of Authentication and Access Control in GlobalConfiguration::configureCollateralLiquidationPriority Function

Summary

The configureCollateralLiquidationPriority function in the GlobalConfiguration library lacks proper authentication and access control mechanisms. This vulnerability allows unauthorized users to modify the collateral liquidation priority, potentially leading to significant operational and financial risks.

Vulnerability Details

function configureCollateralLiquidationPriority(Data storage self, address[] memory collateralTypes) internal {
    uint256 cachedCollateralTypesCached = collateralTypes.length;
    for (uint256 i; i < cachedCollateralTypesCached; i++) {
        if (collateralTypes[i] == address(0)) {
            revert Errors.ZeroInput("collateralType");
        }
        if (!self.collateralLiquidationPriority.add(collateralTypes[i])) {
            revert Errors.MarginCollateralAlreadyInPriority(collateralTypes[i]);
        }
    }
}

This function is marked as internal and does not include access control checks to ensure that only authorized users can reconfigure the collateral liquidation priority. This lack of control could allow unauthorized manipulation of critical contract parameters.

Proof of Concept

If an attacker gains the ability to call the configureCollateralLiquidationPriority function through a parent contract or via a manipulated wrapper function that lacks access control, they could configure the liquidation priority to their advantage. This could disrupt the intended order of collateral liquidation, leading to potential financial losses and mismanagement of collateral.

Scenario:

  • Normal Operation: Authorized user sets the liquidation priority correctly. Collaterals are liquidated in the intended order.

  • Attack: Unauthorized user exploits an access control vulnerability.
    They call configureCollateralLiquidationPriority and reconfigure with their own set of addresses.
    The liquidation process gets manipulated, potentially favoring the attacker’s assets or changing the intended order.

Impact

High

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, it is crucial to implement robust access control mechanisms around the configureCollateralLiquidationPriority function. This can be achieved by using the OpenZeppelin AccessControl library or a similar solution.

Example Fix
Import the AccessControl library:

import "@openzeppelin/contracts/access/AccessControl.sol";

Define a role for the manager:

bytes32 public constant MANAGER_ROLE = keccak256("MANAGER_ROLE");

Set up the roles in the constructor and include access control in the function:

contract MyContract is AccessControl {
    bytes32 public constant MANAGER_ROLE = keccak256("MANAGER_ROLE");

    constructor() {
        // _grantRole is used here: _setupRole is deprecated in OpenZeppelin 4.x and removed in 5.x
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
        _grantRole(MANAGER_ROLE, msg.sender);
    }

    function configureCollateralLiquidationPriority(address[] memory collateralTypes) external {
        require(hasRole(MANAGER_ROLE, msg.sender), "Caller is not a manager");
        // Call the internal function from the library
        GlobalConfiguration.configureCollateralLiquidationPriority(_data, collateralTypes);
    }

    // Storage structure instance
    GlobalConfiguration.Data private _data;
}

library GlobalConfiguration {
    // Existing code unchanged
}

Add access control checks in the external function to ensure only authorized users can call it:

require(hasRole(MANAGER_ROLE, msg.sender), "Caller is not a manager");

By adopting these recommendations, the risk of unauthorized users manipulating the collateral liquidation priority can be significantly mitigated, thereby enhancing the security and reliability of the smart contract.
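
A review aid for the wrapper scenario described in the Proof of Concept: it lists externally callable functions that reach the internal library function without a recognised guard. This is an added example, not part of the submission or the project's code; the sample contract, the name `setPriorityUnchecked`, and the guard patterns (an `only*` modifier or a `hasRole` check) are assumptions.

```python
import re

# Constructed sample source (not the project's code): one guarded and one
# unguarded external wrapper around the internal library function.
SAMPLE = '''
contract Branch is AccessControl {
    GlobalConfiguration.Data private _data;

    function configureCollateralLiquidationPriority(address[] memory collateralTypes) external {
        require(hasRole(MANAGER_ROLE, msg.sender), "Caller is not a manager");
        GlobalConfiguration.configureCollateralLiquidationPriority(_data, collateralTypes);
    }

    function setPriorityUnchecked(address[] memory collateralTypes) external {
        GlobalConfiguration.configureCollateralLiquidationPriority(_data, collateralTypes);
    }

    function viewOnly() external view returns (uint256) { return 1; }
}
'''

TARGET = "GlobalConfiguration.configureCollateralLiquidationPriority("
# Guards this sketch recognises (assumption): an only* modifier or a hasRole check.
GUARD = re.compile(r"\bonly\w+|hasRole\s*\(")
HEADER = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")

def function_bodies(src):
    """Yield (name, header_suffix, body) per function, matching braces by depth.
    Braces inside string literals or comments are not handled."""
    for m in HEADER.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), m.group(3), src[m.end():i - 1]

def unguarded_entry_points(src):
    """Names of external/public functions that call TARGET without a recognised guard."""
    hits = []
    for name, suffix, body in function_bodies(src):
        exposed = re.search(r"\b(external|public)\b", suffix)
        if exposed and TARGET in body and not GUARD.search(suffix + body):
            hits.append(name)
    return hits

if __name__ == "__main__":
    print(unguarded_entry_points(SAMPLE))
```

An empty result only means no wrapper matched these text patterns; guards implemented another way still need manual review.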

Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
