The centralized access control in the withdraw function is a high severity issue that can lead to potential misuse of funds, loss of user autonomy, and increased risk of compromise. Implementing a more decentralized access control mechanism, ensuring role verification, and conducting thorough audits and testing are essential to address this issue and enhance the security and reliability of the contract.
The withdraw function in the Treasury contract is restricted to the MANAGER_ROLE, meaning only entities with this role can withdraw funds. This centralizes control and creates a single point of failure. The MANAGER_ROLE is not a trusted role and can be compromised, leading to potential misuse of funds. Additionally, users cannot withdraw their own funds without the intervention of a manager, limiting user autonomy and potentially causing delays and misuse of funds.
Single Point of Failure: Centralized control by the manager creates a single point of failure, increasing the risk of misuse if the manager's account is compromised.
Loss of Funds: If the manager's account is compromised, an attacker can withdraw all funds from the treasury.
User Autonomy: Users cannot withdraw their own funds without the intervention of a manager, leading to potential delays and misuse of funds.
Decentralized Access Control: Implement a more decentralized access control mechanism, allowing users to withdraw their own funds.
Role Verification: Ensure that the MANAGER_ROLE is assigned to trusted entities and implement additional security measures to protect against compromise.
Audit and Testing: Conduct a thorough audit and testing of the contract to ensure that the access control logic is correctly implemented and secure.
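As an added illustration (not the audited Treasury contract, whose storage layout and full interface are not shown on this page), the manager-gated pattern the finding describes is sketched beside a per-user pull withdrawal that implements the first recommendation. The balances mapping, the deposit function and the withdrawOwn name are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/access/AccessControl.sol";

// Illustrative sketch only; not the audited Treasury contract.
contract TreasurySketch is AccessControl {
    bytes32 public constant MANAGER_ROLE = keccak256("MANAGER_ROLE");

    // Assumed per-user accounting: how much each depositor is owed.
    mapping(address => uint256) public balances;

    constructor(address manager) {
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
        _grantRole(MANAGER_ROLE, manager);
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // The pattern the finding flags: only MANAGER_ROLE can move funds out,
    // and nothing ties the amount to any depositor's balance, so a single
    // compromised manager key can drain the whole treasury.
    function withdraw(address payable to, uint256 amount)
        external
        onlyRole(MANAGER_ROLE)
    {
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Recommended addition: depositors pull their own balance with no
    // manager in the loop. Checks-effects-interactions: the balance is
    // reduced before the external call so a re-entrant call cannot
    // withdraw the same funds twice.
    function withdrawOwn(uint256 amount) external {
        uint256 bal = balances[msg.sender];
        require(amount <= bal, "insufficient balance");
        balances[msg.sender] = bal - amount;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

With both paths present, the manager-only withdraw should additionally be bounded (for example, to funds not attributed to any depositor) or removed, since otherwise a compromised manager can still empty the balances users expect to pull.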