The contract assigns both DEFAULT_ADMIN_ROLE and ADMIN_ROLE to msg.sender in the constructor, leading to a potential redundancy in role assignments. This could cause confusion regarding the intended access control logic and potentially introduce unnecessary complexity in managing roles.
The constructor c
Both roles (DEFAULT_ADMIN_ROLE and ADMIN_ROLE) are assigned to the deploying address (msg.sender), despite DEFAULT_ADMIN_ROLE inherently having the permissions to manage other roles, including ADMIN_ROLE.
The contract should only assign one role, either DEFAULT_ADMIN_ROLE or ADMIN_ROLE, to msg.sender.
There should be no unnecessary role duplication, as DEFAULT_ADMIN_ROLE already provides all necessary administrative permissions.
Redundant roles create unnecessary complexity in managing roles and permissions. It may lead to confusion about which role is responsible for specific administrative actions.
Unnecessary role grants could slightly increase the gas cost for administrative tasks, although this impact is minimal.
Manual review
If ADMIN_ROLE is preferred for the logic, remove the grant for DEFAULT_ADMIN_ROLE and adjust the role-checking accordingly.
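The ADMIN_ROLE-only variant of that recommendation, as an added example rather than the audited contract's code. It assumes the contract inherits OpenZeppelin's `AccessControl`; the contract name, `fee` and `setFee` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

// Hypothetical contract, constructed for illustration only.
contract SingleAdminExample is AccessControl {
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");

    uint256 public fee; // hypothetical admin-controlled setting

    constructor() {
        // Before (the pattern the finding describes):
        //   _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
        //   _grantRole(ADMIN_ROLE, msg.sender);

        // After: a single grant to the deployer.
        _grantRole(ADMIN_ROLE, msg.sender);

        // In AccessControl every role's admin defaults to DEFAULT_ADMIN_ROLE.
        // With no holder of that role, grantRole/revokeRole on ADMIN_ROLE
        // would revert for every caller, so ADMIN_ROLE is made its own admin.
        _setRoleAdmin(ADMIN_ROLE, ADMIN_ROLE);
    }

    // Role checks reference ADMIN_ROLE only.
    function setFee(uint256 newFee) external onlyRole(ADMIN_ROLE) {
        fee = newFee;
    }
}
```

Without the `_setRoleAdmin` call the deployer keeps ADMIN_ROLE but no account can grant it to a successor or revoke it, which is the check to make when reviewing a fix of this kind.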