Emergency Actions Can Be Re-executed in TimelockController
Summary
Emergency actions lack execution status tracking, allowing potential duplicate executions.
Vulnerability Details
TimelockController::executeEmergencyAction() do not mark op.executed = true, action can be redone by mistake
action is added
action is added to emergency with scheduleEmergencyAction()
action is done through executeEmergencyAction(), id is remove from
_emergencyActionsbutop.executed = false, so action is still available in_operationsTime pass and it's now possible to execute the action
Admin re run the action by mistake
Impact
An admin can re execute a transaction by mistake.
Tools Used
Manual
Recommendations
Operations runned by executeEmergencyAction() should mark the operation as executed, i.e op.executed = true
Lead Judging Commences
TimelockController.executeEmergencyAction doesn't mark operations as executed, allowing the same operation to be executed again through the regular path
TimelockController.executeEmergencyAction doesn't mark operations as executed, allowing the same operation to be executed again through the regular path
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.