The Admin role, which holds critical privileges within the protocol, can be transferred to another address in a single step through the Adminable::transferAdmin function. However, this function lacks a validation check for the zero address (address(0)), posing a significant risk. If the admin is mistakenly set to the zero address, critical admin-only functions such as collectProtocolRevenue would become inaccessible, permanently locking protocol revenue.
Relevant Code:
Adminable::transferAdmin
Transferring Admin privileges without checking for address(0) introduces two main security and functionality risks:
1. Mistaken Assignment to Zero Address: If Adminable::transferAdmin sets admin to the zero address by accident or due to a clipboard replacement attack, critical privileges would effectively be lost. This includes the ability to execute functions like collectProtocolRevenue, which are vital to protocol operations. Locked revenue would remain inaccessible indefinitely, impacting protocol sustainability.
2. Single-Step Transfer Risk: As the transfer occurs in a single step without requiring confirmation, there is an increased chance of transferring Admin privileges to an unintended address. This could happen due to errors or malicious interference, risking control over essential protocol functions.
Manual Review
Add a check in Adminable::transferAdmin to ensure newAdmin is not address(0). This prevents accidental or malicious assignment of the zero address and safeguards admin functionality. If the protocol intends to allow an admin removal feature by setting admin to address(0) so that it operates without an admin, it is still advisable to implement the two-step confirmation outlined in point two. This extra layer ensures that setting the admin to zero is an intentional and verified action, mitigating accidental removal risks.
Implement a two-step admin transfer process, where the new admin must explicitly accept the role before the transfer is finalized. This additional confirmation reduces the risk of errors and improves control over critical privileges.
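The following is an added illustration of both recommendations combined, not the protocol's own Adminable contract: the zero-address check rejects address(0) in transferAdmin, and the transfer only takes effect once the nominee calls acceptAdmin. The pendingAdmin state variable, the acceptAdmin and cancelAdminTransfer functions, and the event and error names are assumptions for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical hardened Adminable (example only, not the audited project's code).
contract Adminable {
    address public admin;
    address public pendingAdmin; // assumed: nominee awaiting acceptance

    event AdminTransferStarted(address indexed currentAdmin, address indexed newAdmin);
    event AdminTransferred(address indexed oldAdmin, address indexed newAdmin);

    error ZeroAddress();
    error NotAdmin();
    error NotPendingAdmin();

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor(address initialAdmin) {
        if (initialAdmin == address(0)) revert ZeroAddress();
        admin = initialAdmin;
    }

    /// Step 1: the current admin nominates a successor; admin is unchanged until step 2.
    function transferAdmin(address newAdmin) external onlyAdmin {
        if (newAdmin == address(0)) revert ZeroAddress(); // blocks accidental address(0)
        pendingAdmin = newAdmin;
        emit AdminTransferStarted(admin, newAdmin);
    }

    /// Step 2: only the nominee can finalize, proving the address is live and controlled.
    function acceptAdmin() external {
        if (msg.sender != pendingAdmin) revert NotPendingAdmin();
        address oldAdmin = admin;
        admin = pendingAdmin;
        pendingAdmin = address(0);
        emit AdminTransferred(oldAdmin, admin);
    }

    /// A mistyped or pasted-in wrong nominee can be withdrawn before it is accepted.
    function cancelAdminTransfer() external onlyAdmin {
        pendingAdmin = address(0);
    }
}
```

Because a wrong or zero nominee can never call acceptAdmin, the admin role, and with it collectProtocolRevenue, cannot be lost to a single mistaken call.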