Contest: Sablier Flow (Foundry, DeFi), 20,000 USDC prize pool
Submission Details
Severity: low
Status: Invalid

Single-Step Admin Transfer Vulnerability in Adminable.sol

Summary

The Adminable contract uses a single-step process for transferring admin rights, allowing immediate assignment to a new admin without a secondary confirmation. This design creates a significant risk: if an incorrect address is set, the protocol may lose administrative control, affecting all functions restricted by the onlyAdmin modifier.

Vulnerability Details

The single-step admin transfer in Adminable.sol introduces a risk of losing control over all onlyAdmin functions. If an incorrect address (a typo, a non-existent account, or a contract that cannot send transactions) is set as the admin, admin privileges are lost permanently, because there is no mechanism for the previous admin to reclaim the role, and core protocol functionality becomes unmanageable.

Impact

Permanent loss of admin access, impairing management, updates, and essential protocol controls.

Code Snippet

https://github.com/Cyfrin/2024-10-sablier/blob/8a2eac7a916080f2022527408b004578b21c51d0/src/abstracts/Adminable.sol#L34

Tools Used

Manual Review

Recommendations

Adopt a two-step admin transfer pattern to prevent permanent access loss from accidental transfers. OpenZeppelin's Ownable2Step contract provides a reliable solution: the current owner only nominates the new address, which is recorded as a pending owner, and the nominated address must itself call acceptOwnership before the transfer completes. An address that cannot transact can therefore never become the admin.
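The pattern described above, shown as a minimal single-step contract beside its two-step replacement. This is an added illustration, not the project's Adminable.sol or OpenZeppelin's code; the names pendingAdmin, acceptAdmin and TransferAdminStarted are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.22;
/// Single-step handover as the finding describes (illustrative sketch added here,
/// not the project's Adminable.sol): a mistyped `newAdmin` takes effect at once
/// and every onlyAdmin function becomes permanently unreachable.
contract AdminableSingleStep {
    address public admin;
    event TransferAdmin(address indexed oldAdmin, address indexed newAdmin);

    modifier onlyAdmin() {
        require(msg.sender == admin, "caller is not admin");
        _;
    }

    constructor(address initialAdmin) { admin = initialAdmin; }

    function transferAdmin(address newAdmin) external onlyAdmin {
        emit TransferAdmin(admin, newAdmin);
        admin = newAdmin; // no confirmation from the new address
    }
}

/// Two-step handover as recommended: the current admin only nominates, and the
/// nominee must call acceptAdmin() from that address, proving it can transact.
contract AdminableTwoStep {
    address public admin;
    address public pendingAdmin;
    event TransferAdminStarted(address indexed oldAdmin, address indexed newAdmin);
    event TransferAdmin(address indexed oldAdmin, address indexed newAdmin);

    modifier onlyAdmin() {
        require(msg.sender == admin, "caller is not admin");
        _;
    }

    constructor(address initialAdmin) { admin = initialAdmin; }

    /// Step 1: nominate. Re-nominating overwrites; nominating address(0) cancels.
    function transferAdmin(address newAdmin) external onlyAdmin {
        pendingAdmin = newAdmin;
        emit TransferAdminStarted(admin, newAdmin);
    }

    /// Step 2: only the nominee can complete the handover; admin is unchanged until then.
    function acceptAdmin() external {
        require(msg.sender == pendingAdmin, "caller is not pending admin");
        emit TransferAdmin(admin, msg.sender);
        admin = msg.sender;
        delete pendingAdmin;
    }
}
```

Until acceptAdmin() succeeds the original admin keeps full control and can correct a wrong nomination, which is exactly the recovery path the single-step version lacks.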

Updates

Lead Judging Commences

inallhonesty (Lead Judge), 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
