Project

One World

NFTDeFi

15,000 USDC

Submission Details

Severity: low

Invalid

Role Mismanagement in `OWPIdentity` Contract

Root Cause:

The OWPIdentity contract restricts burning tokens to addresses with the MINTER_ROLE. If the MINTER_ROLE is improperly managed or compromised, malicious actors can arbitrarily burn users' tokens.

function burn(address account, uint256 id, uint256 amount)
public override
onlyRole(MINTER_ROLE)
{
_burn(account, id, amount);
}
Impact:
- Token Loss: Users may lose tokens unexpectedly, leading to financial loss and reduced trust.
- Service Disruption: Arbitrary burning of tokens can disrupt DAO operations, especially if tokens represent membership or voting rights.
- Reputation Damage: Such vulnerabilities can harm the project's reputation, deterring potential users and investors.
Recommendation:
- Restrict MINTER_ROLE: Ensure that only highly trusted and necessary entities hold the MINTER_ROLE.
- Implement Multi-Signature Controls: Require multiple approvals for sensitive role assignments to prevent single points of failure.
- Regular Audits: Periodically audit role assignments and usage to detect and rectify any misconfigurations promptly.

Updates

0xbrivan2 Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

0xbrivan2 Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Total prize

15,000 USDC

nSLOC

541

28 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.