Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Lack of Access Control in `applyTreasuryUpdate` and `applyTreasuryUpdate` Function

waydou

Summary

The applyTreasuryUpdate and applyRepairFundUpdate functions lack proper access control, allowing any external entity to execute them. This could lead to unauthorized updates to critical contract addresses and potential fund mismanagement.

Vulnerability Details

Both applyTreasuryUpdate and applyRepairFundUpdate functions update key financial contract addresses but do not have any role-based access control to restrict their execution:

function applyTreasuryUpdate() external {
if (pendingTreasury.newAddress == address(0)) revert InvalidAddress();
if (block.timestamp < pendingTreasury.effectiveTime) revert UnauthorizedCaller();
treasury = pendingTreasury.newAddress;
delete pendingTreasury;
}
function applyRepairFundUpdate() external {
if (pendingRepairFund.newAddress == address(0)) revert InvalidAddress();
if (block.timestamp < pendingRepairFund.effectiveTime) revert UnauthorizedCaller();
repairFund = pendingRepairFund.newAddress;
delete pendingRepairFund;
}

Any external entity can call these functions, allowing unauthorized users to execute treasury and repair fund updates.

Impact

Malicious actors could apply treasury or repair fund updates, redirecting funds to unintended addresses. Anytime the admin set the prendingtreasury he opens the attack for the atatcker to wait for the effectivetime to apply their own malicious treasury

Tools Used

Manual Review

Recommendations

Restrict execution of applyTreasuryUpdate and applyRepairFundUpdate to authorized roles, such as DEFAULT_ADMIN_ROLE

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.