Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix bug allowing anyone to cancel an admin renounce #4238

Merged
merged 6 commits into from
May 11, 2023
Merged

Fix bug allowing anyone to cancel an admin renounce #4238

merged 6 commits into from
May 11, 2023

Conversation

Amxx
Copy link
Collaborator

@Amxx Amxx commented May 10, 2023
edited
Loading

Changes introduced in #4230 include a bug allowing anyone to reset the schedule of an admin renounce:

  • Alice (admin) starts a transfer to address(0)
  • Delay passes
  • Bob (not admin) does `renounceRole(0, bob)
    • if (role == DEFAULT_ADMIN_ROLE) passes
      • newDefaultAdmin == address(0) is true
      • schedule is good
        • delete _pendingDefaultAdminSchedule
    • super.renounceRole
      • caller is the account (bob)
      • caller doesn't have the role: nothing happens (no-op does not revert)

So Bob was able to delete _pendingDefaultAdminSchedule, which shouldn't have been possible

@changeset-bot
Copy link

changeset-bot bot commented May 10, 2023
edited
Loading

⚠️ No Changeset found

Latest commit: 79269df

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@Amxx Amxx requested review from ernestognw and frangio May 10, 2023 20:47
@frangio
Copy link
Contributor

frangio commented May 10, 2023

We should have an additional unit test for this scenario.

frangio
frangio previously approved these changes May 10, 2023
View reviewed changes
ernestognw
ernestognw reviewed May 10, 2023
View reviewed changes
test/access/AccessControl.behavior.js Outdated
@@ -639,6 +642,15 @@ function shouldBehaveLikeAccessControlDefaultAdminRules(errorPrefix, delay, defa
);
});

it('no op if renouncing when not having the role', async function () {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small NIT:

Suggested change
it('no op if renouncing when not having the role', async function () {
it('no-ops if renouncing when not having the role', async function () {

I personally like to read the tests as it('<verb> ... (eg. it('does something ...'))

contracts/access/AccessControlDefaultAdminRules.sol Show resolved Hide resolved
ernestognw
ernestognw previously approved these changes May 10, 2023
View reviewed changes
Copy link
Member

@ernestognw ernestognw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@frangio frangio dismissed stale reviews from ernestognw and themself via 9538a36 May 10, 2023 21:55
frangio
frangio previously approved these changes May 10, 2023
View reviewed changes
@Amxx Amxx requested review from frangio and ernestognw May 11, 2023 07:49
frangio
frangio previously approved these changes May 11, 2023
View reviewed changes
Copy link
Contributor

@frangio frangio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that the test description was updated but is still not following Ernesto's suggestion. But IMO we should come back to this later, there are many tests throughout that are following a different format.

@ernestognw
Copy link
Member

Note that the test description was updated but is still not following Ernesto's suggestion. But IMO we should come back to this later, there are many tests throughout that are following a different format.

Agree, it's a minor readability improvement but a suggestion as well, not mandatory. Will try to enforce this in my reviews but don't feel we need to update every test written the same way

ernestognw
ernestognw requested changes May 11, 2023
View reviewed changes
.gitignore Outdated Show resolved Hide resolved
@frangio frangio enabled auto-merge (squash) May 11, 2023 16:58
@frangio frangio merged commit 3ec4307 into OpenZeppelin:master May 11, 2023
frangio pushed a commit that referenced this pull request May 11, 2023
@Amxx @frangio
Fix bug allowing anyone to cancel an admin renounce (#4238)
e0fe936 
Co-authored-by: Francisco Giordano <fg@frang.io>
(cherry picked from commit 3ec4307)
Amxx added a commit that referenced this pull request May 12, 2023
@Amxx
Update ACDAR FV rules following #4230 and #4238
be9aa53
@Amxx Amxx deleted the fix/acdar branch May 12, 2023 05:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frangio frangio frangio left review comments

@ernestognw ernestognw ernestognw approved these changes

Assignees
No one assigned
Labels
ignore-changeset
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Amxx @frangio @ernestognw