The removeOracle function in the smart contract does not properly validate access control before modifying the state to remove an oracle from the list of approved oracles. This can potentially allow unauthorized users to remove oracles, leading to unexpected behaviors and vulnerabilities within the system that relies on these oracles.
Access Control Logic: The function allows any user to execute it and sets the corresponding oracle's approval status to false before checking if the sender is the authorized admin (quantammAdmin). This creates a scenario where, if the function is called by a non-admin, the oracle's removal will still proceed. The require statement, which prevents unauthorized access, is placed after the critical state change, undermining its effectiveness.
Denial of Service (DoS): Unauthorized removal of oracles disrupts critical protocol operations.
Manipulation of Protocol Behavior: Malicious actors can selectively remove oracles to manipulate the protocol's behavior.
Manual Review
To mitigate this vulnerability, it is recommended to refactor the removeOracle function as follows:
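A check-first version of the function, written here as an added example and not taken from the audited contract or the original submission. Only `removeOracle` and `quantammAdmin` come from the finding; the contract name, `approvedOracles`, `addOracle`, `removeOracleCheckLast` and `OracleRemoved` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract's source.
// Hypothetical names: OracleRegistrySketch, approvedOracles, addOracle,
// removeOracleCheckLast, OracleRemoved.
contract OracleRegistrySketch {
    address public immutable quantammAdmin;
    mapping(address => bool) public approvedOracles;

    event OracleRemoved(address indexed oracle);

    constructor(address admin) {
        require(admin != address(0), "admin is zero address");
        quantammAdmin = admin;
    }

    // Authorization is evaluated before the function body runs.
    modifier onlyAdmin() {
        require(msg.sender == quantammAdmin, "caller is not admin");
        _;
    }

    function addOracle(address oracle) external onlyAdmin {
        approvedOracles[oracle] = true;
    }

    // Ordering described in the finding: storage write first, check last.
    function removeOracleCheckLast(address oracle) external {
        approvedOracles[oracle] = false;
        require(msg.sender == quantammAdmin, "caller is not admin");
    }

    // Refactored ordering: check, then effect, then event.
    // A failed require reverts the call's storage writes, so checking first
    // keeps the authorization explicit and avoids work that is rolled back.
    function removeOracle(address oracle) external onlyAdmin {
        require(approvedOracles[oracle], "oracle not approved");
        approvedOracles[oracle] = false;
        emit OracleRemoved(oracle);
    }
}
```

Emitting an event on removal gives monitoring a record of every change to the approved set, which is useful when reviewing who removed an oracle and when.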