Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Some operation IDs may be executed twice in the TimelockController contract, which is unexpected for the protocol.

Summary

An Operation ID starts as unexecuted. When executed through an emergency action, its status is not updated, allowing it to be executed repeatedly. This can be exploited to disrupt protocol functionality.

Vulnerability Details

1. Assume an Operation ID has not yet been executed, so _operations[id].executed = false.

2. The Operation ID is then executed as an emergency action by calling the function executeEmergencyAction. After execution, _operations[id].executed is not updated to true in executeEmergencyAction.

3. As a result, this Operation ID can be executed again by calling the function executeBatch or the function executeEmergencyAction, which can break protocol functionality or properties.

Impact

Some operation IDs may be executed twice in the TimelockController contract, which is unexpected for the protocol.

Tools Used

Manual review

Recommendations

Set _operations[id].executed = true in the function executeEmergencyAction.
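
The recommendation above, shown on a simplified model. This is an added example, not the audited contract's code: only the names _operations[id].executed, executeEmergencyAction and executeBatch come from the finding, while the function signatures, the id derivation, the scheduled flag and the AsReported variant are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustrative model only (assumed layout). Roles, delays and real batching
/// are omitted; each "operation" here is a single call.
contract TimelockModel {
    struct Operation { bool scheduled; bool executed; }
    mapping(bytes32 => Operation) private _operations;

    error NotScheduled(bytes32 id);
    error AlreadyExecuted(bytes32 id);

    function hashOperation(address target, bytes calldata data, bytes32 salt)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(target, data, salt));
    }

    function schedule(address target, bytes calldata data, bytes32 salt) external {
        _operations[hashOperation(target, data, salt)].scheduled = true;
    }

    // Regular path (assumed): rejects ids already flagged, then sets the flag.
    function executeBatch(address target, bytes calldata data, bytes32 salt) external {
        _consume(hashOperation(target, data, salt));
        _call(target, data);
    }

    // As described in the finding: the call is made but `executed` stays false,
    // so executeBatch, or this function again, still accepts the same id.
    function executeEmergencyActionAsReported(address target, bytes calldata data, bytes32 salt) external {
        bytes32 id = hashOperation(target, data, salt);
        if (!_operations[id].scheduled) revert NotScheduled(id);
        _call(target, data);
    }

    // With the recommendation applied: both paths share one check-and-set.
    function executeEmergencyAction(address target, bytes calldata data, bytes32 salt) external {
        _consume(hashOperation(target, data, salt));
        _call(target, data);
    }

    function _consume(bytes32 id) private {
        Operation storage op = _operations[id];
        if (!op.scheduled) revert NotScheduled(id);
        if (op.executed) revert AlreadyExecuted(id);
        op.executed = true; // state change before the external call
    }

    function _call(address target, bytes calldata data) private {
        (bool ok, ) = target.call(data);
        require(ok, "call failed");
    }
}
```

Setting the flag before the external call also keeps a re-entrant call from reusing the same id while the first execution is still in progress.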

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

TimelockController.executeEmergencyAction doesn't mark operations as executed, allowing the same operation to be executed again through the regular path
