Improper function visibility may allow unauthorized access to critical functions within the SablierFlowBase contract, potentially leading to unauthorized state modifications and security vulnerabilities.
The SablierFlowBase contract contains several functions that are intended to be accessible only to specific roles (e.g., admin or contract owner) but may be incorrectly marked with public visibility. This oversight can lead to unauthorized users executing functions that were not designed for public access.
For instance, functions such as setNFTDescriptor and setProtocolFee, which are intended for administrative tasks, should be limited to onlyAdmin or similar modifiers but are publicly accessible without adequate access controls. If a malicious actor calls these functions, they can alter crucial contract parameters, such as the NFT descriptor and protocol fee, resulting in unintended behavior, loss of funds, or exploitation of the system.
Security Guarantees Broken: The integrity and confidentiality of contract state variables are compromised due to improper access controls, which can allow unauthorized users to execute administrative functions.
Propagation of Malicious Input: By interacting with these functions, a malicious user could change the protocol fee to an exorbitant value, allowing them to siphon funds from users without their consent. The lack of visibility checks may allow these changes to propagate unchecked throughout the system.
The impact of this vulnerability is significant, as it undermines the core principle of role-based access control in the contract. Unauthorized changes to critical contract parameters can lead to exploitation, financial losses, and a breach of user trust.
Consider the following function intended to be used only by the contract admin:
If onlyAdmin is not enforced due to visibility issues, a malicious actor can invoke this function directly, bypassing any role checks.
To mitigate this vulnerability, the following actions are recommended:
Review and Correct Function Visibility: Ensure that all functions, especially administrative ones, are marked with appropriate visibility modifiers (e.g., internal or private) to restrict access.
Implement Access Control Modifiers: Make sure all sensitive functions utilize access control modifiers effectively.
Here is a snippet of corrected code to illustrate these recommendations:
By implementing these changes, you can ensure that function accessibility aligns with the intended access control mechanisms, thereby maintaining the integrity and security of the contract.
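One way to carry out the recommended visibility review is to list every state-changing public or external function that carries no access control modifier. The following is an added example, not code from this submission or from the Sablier project: the sample contract is constructed for illustration, and the function name unguarded_functions and its parameters are hypothetical; only the modifier name onlyAdmin comes from the text above.

```python
import re

# Constructed sample for illustration; this is NOT the SablierFlowBase source.
SAMPLE = """
contract FlowBaseSketch {
    function setNFTDescriptor(address newDescriptor) external onlyAdmin {
        nftDescriptor = newDescriptor;
    }
    // function legacySetFee(uint256 fee) public { }  (commented out, ignored)
    function setProtocolFee(address token, uint256 fee) public {
        protocolFee[token] = fee;
    }
    function getProtocolFee(address token) external view returns (uint256) {
        return protocolFee[token];
    }
    function deposit(uint256 id, uint128 amount) external {
        balances[id] += amount;
    }
    function _update(uint256 id) internal {
        snapshots[id] = block.timestamp;
    }
}
"""

COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
# name, parameter list, then everything up to the body or the terminating ';'
FUNC_RE = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]")


def unguarded_functions(source, guards=("onlyAdmin",), intended_public=()):
    """Names of state-changing public/external functions with no guard modifier."""
    findings = []
    for name, _params, header in FUNC_RE.findall(COMMENT_RE.sub("", source)):
        words = set(re.findall(r"\w+", header))
        if not words & {"public", "external"}:
            continue  # internal/private: not directly callable by outsiders
        if words & {"view", "pure"}:
            continue  # read-only: cannot modify contract state
        if words & set(guards) or name in intended_public:
            continue  # guarded, or reviewed and meant to be open
        findings.append(name)
    return findings


if __name__ == "__main__":
    print(unguarded_functions(SAMPLE, intended_public={"deposit"}))
```

Each name the check returns is a candidate for manual review rather than a confirmed finding; a regex pass does not see access checks written inside the function body or inherited from a parent contract.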
SablierFlowBase.sol