Vanguard

First Flight #56
Beginner Friendly, DeFi, Foundry
Submission Details
Impact: high
Likelihood: high
Invalid

Timelock Can Be Permanently Disabled via Self-Call Governance Execution

Root + Impact

Description

  • The timelock is intended to enforce a mandatory delay on all governance actions so that critical changes cannot be executed immediately.

  • The timelock allows execution of transactions that target itself, enabling governance actions to modify or disable the timelock configuration, permanently removing the delay guarantee.

// @> Timelock allows self-targeted execution
executeTransaction(
    address(this),
    value,
    data
);

Risk

Likelihood:

  • Occurs during normal governance operations where self-calls are permitted for configuration changes

  • Requires only signer approval, not abnormal execution conditions

Impact:

  • Permanent removal of timelock protections

  • Immediate execution of future governance actions, enabling full governance takeover

Proof of Concept

// Queue transaction to set delay to zero
submitTransaction(
    address(this),
    0,
    abi.encodeWithSelector(setDelay.selector, 0)
);
// After delay passes
executeTransaction(txId);
// Timelock is now disabled

Recommended Mitigation

  • Disallow timelock self-modification or enforce stricter delay rules for timelock changes
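The second option above, stricter delay rules for timelock changes, shown as an added sketch that is not code from the audited contract or from this submission. The contract name, `MIN_DELAY`, the single `admin` standing in for the signer set, and the storage layout are all assumptions; only `submitTransaction`, `executeTransaction` and `setDelay` are names taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal timelock for illustration only.
contract DelayGuardedTimelock {
    uint256 public constant MIN_DELAY = 2 days; // assumed floor
    uint256 public delay = MIN_DELAY;
    address public immutable admin; // stands in for the signer set

    struct Queued { address target; uint256 value; bytes data; uint256 eta; bool done; }
    Queued[] public queue;

    constructor() { admin = msg.sender; }

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    function submitTransaction(address target, uint256 value, bytes calldata data)
        external onlyAdmin returns (uint256 txId)
    {
        // eta is fixed at queue time from the delay in force right now
        queue.push(Queued(target, value, data, block.timestamp + delay, false));
        return queue.length - 1;
    }

    function executeTransaction(uint256 txId) external onlyAdmin {
        Queued storage q = queue[txId];
        require(!q.done, "already executed");
        require(block.timestamp >= q.eta, "delay not elapsed");
        q.done = true;
        (bool ok, ) = q.target.call{value: q.value}(q.data);
        require(ok, "call failed");
    }

    // Callable only by the timelock itself, i.e. through a queued and
    // delayed self-call, and never below the floor. A queued setDelay(0)
    // reverts here, so executeTransaction fails with "call failed".
    function setDelay(uint256 newDelay) external {
        require(msg.sender == address(this), "only via timelock");
        require(newDelay >= MIN_DELAY, "delay below minimum");
        delay = newDelay;
    }

    receive() external payable {}
}
```

Self-calls stay possible for legitimate reconfiguration, such as raising the delay, while the delay itself can never reach zero.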

- remove this code
+ add this code
+ require(
+ target != address(this),
+ "Timelock self-modification forbidden"
+ );
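
Review bot: the `- remove this code` and `+ add this code` lines at the top of the hunk are unfilled template placeholders, and with no file or function header it is not shown where the `require` belongs; name the function and make sure `target` is in scope there. The Proof of Concept queues through `submitTransaction` and calls `executeTransaction(txId)` without a target argument, so the check would more naturally sit where the target is supplied at queue time. Also, `target != address(this)` rejects every self-call, including one that would raise the delay, so the narrower option from the mitigation bullet (stricter delay rules for timelock changes) deserves consideration.
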
Updates

Lead Judging Commences

chaossr Lead Judge
18 days ago

Appeal created

chaossr Lead Judge 17 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
