Admin Call to UpdateWeightRunner functions Reverts When Owner Has Update Permission
Summary
For a pool, the Quantamm admin’s call updateWeightManually() in UpdateWeightRunner.sol reverts if the pool’s owner has the permission to update weights.
.
NOTE: This might be intentional to prevent the admin from interfering when a pool has a manager or owner.
However, the admin can bypass this restriction by using the setApprovedActionsForPool() function. This lets the admin remove the manager’s permissions, giving them control to set weights manually.
NOTE: the same issue is in other functions like setIntermediateValuesManuallyVulnerabilit and initialisePoolLastRunTimeImpact
Detail
-
A pool is configured where both owner update and admin update permissions are set:
MASK_POOL_OWNER_UPDATES , MASK_POOL_QUANTAMM_ADMIN_UPDATES are set in pool
-
The admin calls
setWeightsManuallyinUpdateWeightRunner.solto update the pool weights. -
The function first checks owner update permission:
The condition is true, and the function reverts because the admin is not the pool manager.
So admin can not update weights, because owner update is permissioned!
To bypass this restriction:
The admin calls
setApprovedActionsForPool()to reset the owner update permissions of the pool.The admin successfully calls setWeightsManually and updates the pool weights.
NOTE: the same issue is in other functions like setIntermediateValuesManuallyVulnerabilit and initialisePoolLastRunTimeImpact
Impact
The admin is blocked from performing updates in pool when pool owner is permissioned
Tools Used
vscode
Recommendations
Lead Judging Commences
invalid_manual_functions_cannot_be_called_by_admin_when_pool_owner_can
Design choice confirmed by the sponsor.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.