Flow

Sablier

FoundryDeFi

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Transfer Admin Functionality

hackz

Summary

The transferAdmin function in the Adminable contract allows transferring admin privileges to a new address but does not validate that the new admin address is not the zero address. This could lead to locking the contract out of all admin functionalities.

Finding Description

The transferAdmin function does not include a check to prevent the new admin address from being set to the zero address. The lack of this validation breaks the security guarantee that the contract will always have a valid admin. If a malicious actor (or an unintended call) sets the new admin to 0x0, it will permanently prevent any admin operations, rendering the contract non-functional for admin-restricted actions.

This vulnerability could be exploited by a malicious user if they gain access to the current admin account and call transferAdmin with the zero address. Once executed, the admin's control over the contract will be irreversibly lost.

Vulnerability Details

Function: transferAdmin(address newAdmin)
Location: Adminable.sol
Description: The function is intended to allow the current admin to transfer admin rights but lacks a check for the zero address.

Impact

The impact assessment is classified as high because this vulnerability directly leads to a loss of functionality for admin-controlled functions. If the admin address is set to zero, no valid address can execute onlyAdmin functions, which could effectively lock all critical administrative capabilities of the contract.

Proof of Concept

The following example demonstrates how a malicious actor could exploit this issue:

The current admin (e.g., 0xABC...) calls transferAdmin(0x0).
After executing this call, the admin address is set to 0x0, making all admin-restricted functionalities inaccessible.

// Current admin sets the new admin to zero address

adminableContract.transferAdmin(address(0));

Recommendations

To fix this issue, it is recommended to add a check in the transferAdmin function to prevent the admin from being set to the zero address. Here is a code snippet with the recommended fix:

/// @inheritdoc IAdminable

function transferAdmin(address newAdmin) public virtual override onlyAdmin {

// Check that the new admin address is not the zero address

require(newAdmin != address(0), "New admin cannot be the zero address");

// Effect: update the admin.

admin = newAdmin;

// Log the transfer of the admin.

emit IAdminable.TransferAdmin({ oldAdmin: msg.sender, newAdmin: newAdmin });

}

By implementing this check, the contract will ensure that admin privileges cannot be transferred to an invalid address, maintaining the contract's intended functionality and security.

File Location

Adminable.solTransfer Admin Functionality

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

699

29 USDC / LOC

High Medium

19,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.