Skip to content

Latest commit

 

History

History
53 lines (29 loc) · 1.51 KB

046.md

File metadata and controls

53 lines (29 loc) · 1.51 KB

Odd Tartan Gerbil

High

Lack of Access Control

Summary

Functions like deploy_NumaV2 and migrate_NumaV1V2 can be called by any address, which creates security risks and may lead to unauthorized deployments or migrations.

Root Cause

In vaultV2Deployer.sol, there are no access control mechanisms implemented for critical functions, allowing anyone to execute them.

Internal pre-conditions

  1. Admin should be the only one able to call deploy_NumaV2 and migrate_NumaV1V2.

External pre-conditions

  1. No external pre-conditions are required, but an unauthorized user could potentially call the functions.

Attack Path

  1. An unauthorized user calls deploy_NumaV2() or migrate_NumaV1V2().
  2. The contract executes the function without restriction, potentially causing unwanted deployments or migrations.

Impact

The protocol may experience unwanted contract deployments or migrations, potentially leading to erroneous contract states or security vulnerabilities.

PoC

Numa/contracts/deployment/vaultV2Deployer.sol

modifier onlyOwner() {
    require(msg.sender == owner, "Not authorized");
    _;
}

function deploy_NumaV2() public onlyOwner {
    // deployment logic
}

Mitigation

Implement access control mechanisms like onlyOwner modifier for critical functions to ensure that only authorized users can call them.