The TimelockController contract assigns three powerful roles (DEFAULT_ADMIN_ROLE, EMERGENCY_ROLE, CANCELLER_ROLE) to a single admin address in its constructor, creating a single point of failure. If that address is compromised, the attacker controls every timelock operation: cancelling queued proposals, scheduling and executing emergency actions, and granting further roles. Funds held behind the timelock could be drained and governance halted.
The constructor grants every critical role to the admin parameter, with no multi-signature requirement, no separation of duties between roles, and no delay on role changes:
DEFAULT_ADMIN_ROLE allows role management (e.g., granting EXECUTOR_ROLE).
EMERGENCY_ROLE enables scheduling and executing emergency actions (e.g., scheduleEmergencyAction, executeEmergencyAction).
CANCELLER_ROLE permits cancellation of scheduled operations via cancel.
Attack Scenario:
The admin's private key is compromised (e.g., via phishing or weak key management).
The attacker cancels legitimate governance proposals using cancel.
The attacker schedules and executes an emergency action that transfers $10M from the protocol treasury to an attacker-controlled address.
The attacker grants EXECUTOR_ROLE to additional malicious addresses and executes further unauthorized operations to drain the remaining funds.
No safeguards (e.g., multi-signature requirements) prevent this single point of failure from being exploited.
The potential loss of $10M in protocol funds controlled by the timelock represents a high-impact vulnerability, as it could completely undermine the protocol’s financial integrity and governance stability. The medium likelihood stems from the realistic risk of admin key compromise, a known attack vector in centralized systems, amplified by the concentration of powerful roles in one address.
Manual Code Review: Confirmed that DEFAULT_ADMIN_ROLE, EMERGENCY_ROLE, and CANCELLER_ROLE are all granted to the admin parameter with no additional checks or balances.
Implement multi-signature requirements for role assignment and critical actions to mitigate centralization risks. Concretely: assign EMERGENCY_ROLE and CANCELLER_ROLE to separate multisig wallets rather than one EOA; hold DEFAULT_ADMIN_ROLE in the timelock itself, so that granting or revoking any role (including EXECUTOR_ROLE) must be scheduled and pass through the delay instead of taking effect instantly; and have the constructor reject zero addresses and reject the same address being passed for more than one role. Note that a single multisig holding all three roles only moves the single point of failure, it does not remove it.
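The following is an added illustration, not code from the audited project: a constructor in the shape the finding describes (one admin receives every role) next to a hardened version that splits the roles across two distinct addresses and makes the timelock its own role admin. The role constant names follow the finding; the base contract, error names and the `_requireContract` helper are assumptions for the example, and the real contract's scheduling and execution logic is not reproduced.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

/// Illustrative base only (assumption): declares the role identifiers named in
/// the finding. DEFAULT_ADMIN_ROLE comes from AccessControl.
abstract contract TimelockRolesBase is AccessControl {
    bytes32 public constant EMERGENCY_ROLE = keccak256("EMERGENCY_ROLE");
    bytes32 public constant CANCELLER_ROLE = keccak256("CANCELLER_ROLE");
    bytes32 public constant EXECUTOR_ROLE = keccak256("EXECUTOR_ROLE");
}

/// Before: the pattern the finding describes. One address receives every
/// role, so one compromised key can cancel, act in an emergency, and grant
/// EXECUTOR_ROLE to anyone.
contract TimelockVulnerable is TimelockRolesBase {
    constructor(address admin) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(EMERGENCY_ROLE, admin);
        _grantRole(CANCELLER_ROLE, admin);
    }
}

/// After: each privileged role goes to a different address that is expected
/// to be a multisig, and DEFAULT_ADMIN_ROLE is held by the timelock itself.
/// With the timelock as role admin, grantRole/revokeRole can only succeed as
/// a self-call made from a scheduled operation, i.e. after the delay.
contract TimelockHardened is TimelockRolesBase {
    error ZeroAddress();
    error NotAContract(address account);
    error RolesNotSeparated();

    constructor(address emergencyMultisig, address cancellerMultisig) {
        _requireContract(emergencyMultisig);
        _requireContract(cancellerMultisig);
        // Separation of duties: the party that can act in an emergency must
        // not be the same party that can cancel the governance queue.
        if (emergencyMultisig == cancellerMultisig) revert RolesNotSeparated();

        _grantRole(DEFAULT_ADMIN_ROLE, address(this));
        _grantRole(EMERGENCY_ROLE, emergencyMultisig);
        _grantRole(CANCELLER_ROLE, cancellerMultisig);
    }

    /// Rejects the zero address and plain EOAs. A Safe (or any multisig) is a
    /// contract, so this catches the most common deployment mistake of passing
    /// a deployer EOA. It cannot prove the code is a multisig, and since
    /// EIP-7702 an EOA may carry delegation code, so the multisig address
    /// still has to be verified off-chain before deployment.
    function _requireContract(address account) internal view {
        if (account == address(0)) revert ZeroAddress();
        if (account.code.length == 0) revert NotAContract(account);
    }
}
```

Deploying TimelockVulnerable with a single EOA reproduces the configuration in the finding; deploying TimelockHardened with the same address twice reverts with RolesNotSeparated, and with an EOA reverts with NotAContract. The self-administration pattern only provides protection if the timelock's execute path can make calls to itself, which is exactly what a timelock exists to do; it is the standard way to ensure that the attack step "grant EXECUTOR_ROLE to additional malicious addresses" cannot happen faster than the delay, giving the CANCELLER_ROLE holder a window to cancel it.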