MultiSig Timelock
First Flight #55
Beginner FriendlyWallet
100 EXP
View all submissions
Previous Next
Submission Details
Impact: medium
Likelihood: low

Signer Can Revoked Its Role Via Access Control

Author Revealed upon completion

Signer Can Revoked Its Role Via Access Control

Description

All signer can revoked its role via AccessControl contract, yet it will still register as signer in protocol.

// All signer can revoke its role via this function
function renounceRole(bytes32 role, address callerConfirmation) public virtual {
if (callerConfirmation != _msgSender()) {
revert AccessControlBadConfirmation();
}
_revokeRole(role, callerConfirmation);
}

Impact

Medium – Owner may be temporary unable to grant roles for new signer, until find the issue and removed the signer from contract.

Proof of Concepts

Add this function into the existing unit test

Run the function with forge test --match-test testRevokeOwnRole -vvvv

function testRevokeOwnRole() public grantSigningRoles {
bytes32 signingRole = multiSigTimelock.getSigningRole();
// Revoke role by signer
vm.prank(SIGNER_TWO);
AccessControl(address(multiSigTimelock)).renounceRole(signingRole, SIGNER_TWO);
// total signer in protocol still registered as 5 signers
uint256 totalSigner = multiSigTimelock.getSignerCount();
assertEq(totalSigner, 5);
// create new transaction
vm.deal(address(multiSigTimelock), 0);
vm.prank(OWNER);
uint256 txnId = multiSigTimelock.proposeTransaction(SPENDER_ONE, OWNER_BALANCE_ONE, hex"");
// signer two can't confirm its transaction due already renounce its power
vm.expectRevert();
vm.prank(SIGNER_TWO);
multiSigTimelock.confirmTransaction(txnId);
}

Recommended mitigation

Override the function inside protocol to avoid it will be missused

+function renounceRole(bytes32 role, address callerConfirmation) public override {
+ console.log("revoke role through contract owner");
+ }

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!