Vanguard

First Flight #56
Beginner Friendly, DeFi, Foundry
Submission Details
Impact: high
Likelihood: high

Timelock Can Be Permanently Disabled via Self-Call Governance Execution

Author Revealed upon completion

Root + Impact

Description

  • The timelock is intended to enforce a mandatory delay on all governance actions so that critical changes cannot be executed immediately.

  • The timelock allows execution of transactions that target itself, enabling governance actions to modify or disable the timelock configuration, permanently removing the delay guarantee.

    // @> Timelock allows self-targeted execution
    executeTransaction(
        address(this),
        value,
        data
    );

Risk

Likelihood:

  • Occurs during normal governance operations where self-calls are permitted for configuration changes

  • Requires only signer approval, not abnormal execution conditions

Impact:

  • Permanent removal of timelock protections

  • Immediate execution of future governance actions, enabling full governance takeover

Proof of Concept

    // Queue transaction to set delay to zero
    submitTransaction(
        address(this),
        0,
        abi.encodeWithSelector(setDelay.selector, 0)
    );
    // After delay passes
    executeTransaction(txId);
    // Timelock is now disabled

Recommended Mitigation

  • Disallow timelock self-modification or enforce stricter delay rules for timelock changes
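The second option in the bullet above, stricter delay rules for timelock changes, written out as an added example; it is not the audited contract's code. The contract name, `MIN_DELAY`, `QueuedTx`, `onlySigner` and the single-signer approval model are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: names, the MIN_DELAY value and the queue layout are
// assumptions. Multi-signer confirmation counting is left out to keep it short.
contract FlooredTimelock {
    uint256 public constant MIN_DELAY = 2 days; // assumed floor, never zero
    uint256 public delay = MIN_DELAY;
    mapping(address => bool) public isSigner;

    struct QueuedTx { address target; uint256 value; bytes data; uint256 eta; bool done; }
    QueuedTx[] private queue;

    modifier onlySigner() { require(isSigner[msg.sender], "not a signer"); _; }

    constructor(address[] memory signers) {
        for (uint256 i = 0; i < signers.length; i++) isSigner[signers[i]] = true;
    }

    receive() external payable {}

    function submitTransaction(address target, uint256 value, bytes calldata data)
        external onlySigner returns (uint256 txId)
    {
        // Self-targeted calls remain allowed so governance can still raise the delay.
        queue.push(QueuedTx(target, value, data, block.timestamp + delay, false));
        return queue.length - 1;
    }

    function executeTransaction(uint256 txId) external onlySigner {
        QueuedTx storage t = queue[txId];
        require(!t.done, "already executed");
        require(block.timestamp >= t.eta, "delay not elapsed");
        t.done = true; // mark before the external call to block re-execution
        (bool ok, ) = t.target.call{value: t.value}(t.data);
        require(ok, "call failed");
    }

    // Reachable only through a queued, delayed self-call, and never below the floor.
    function setDelay(uint256 newDelay) external {
        require(msg.sender == address(this), "only via timelock");
        require(newDelay >= MIN_DELAY, "delay below minimum");
        delay = newDelay;
    }
}
```

With this shape, the queued `setDelay(0)` call from the proof of concept reverts at execution with "delay below minimum", while a queued increase of the delay still goes through.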

- remove this code
+ add this code
+ require(
+ target != address(this),
+ "Timelock self-modification forbidden"
+ );
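Review bot: the `require(target != address(this), ...)` check rejects every self-targeted call, not only `setDelay(0)`, so it also blocks the configuration changes that the Likelihood section says are routed through self-calls; if `setDelay` is only reachable through the timelock, the delay could then never be raised either. Consider keeping self-calls and enforcing a non-zero minimum inside `setDelay` instead, which is the second option the mitigation bullet names. The hunk also does not show which function the check belongs in: it should sit in `submitTransaction` so a forbidden call is rejected when queued rather than left in the queue until execution. The `- remove this code` and `+ add this code` lines look like template placeholders and should be dropped.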
