Project

Summary

The MembershipFactory contract relies on the deployer to receive the DEFAULT_ADMIN_ROLE. While functions like setBaseURI, setCurrencyManager, and updateMembershipImplementation are restricted to addresses with DEFAULT_ADMIN_ROLE, the constructor does not include additional ownership checks beyond the deployer's address. Although the deployer is assumed to be trusted, there are no mechanisms to transfer or revoke admin rights in case of key compromise or errors during deployment.

Vulnerability Details

there is no mechanism to securely transfer admin rights to another address if needed.

Affected Functions: The issue impacts the following functions requiring DEFAULT_ADMIN_ROLE permissions:

• setBaseURI()

• setCurrencyManager()

• updateMembershipImplementation()

  The contract's constructor assigns the DEFAULT_ADMIN_ROLE to msg.sender without any further verification or flexibility to change it post-deployment.

Impact

Limited Flexibility:

• The inability to transfer or revoke admin privileges post-deployment means that any mistake during deployment or key compromise could require redeploying the entire contract, leading to operational inefficiencies and potential user impact.

Tools Used

Manual code review

Recommendations

Implement a Transferable Admin Role:

• Introduce a function that allows the current admin to transfer the DEFAULT_ADMIN_ROLE to another trusted address:

• To enhance flexibility, consider combining AccessControl with Ownable, allowing ownership transfer capabilities while maintaining role-based access control.

  function transferAdminRole(address newAdmin) external onlyRole(DEFAULT_ADMIN_ROLE) {

  require(newAdmin != address(0), "Invalid admin address");

  _grantRole(DEFAULT_ADMIN_ROLE, newAdmin);

  _revokeRole(DEFAULT_ADMIN_ROLE, msg.sender);

  }

  ​