Access control : wrongly setting the new guardian address to governance address #46

Closed
code423n4 opened this issue Nov 16, 2021 · 1 comment
Labels
3 (High Risk) bug Something isn't working duplicate This issue or pull request already exists sponsor confirmed

Comments

@code423n4
Contributor

Handle

ksk2345

Vulnerability details

Impact

Impact is high; once a new guardian is set using the 'setGuardian' function, the new guardian is in full control of the contract, due to this bug. The setGuardian function mistakenly sets the governance address instead of the guardian address.

Proof of Concept

Issue found in two contracts

  1. Ref : https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/a5c71b72222d84b6414ca0339ed1761dc79fe56e/contracts/SettToRenIbbtcZap.sol
    line 130 : function setGuardian

  2. Ref : https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/6f700995129182fec81b772f97abab9977b46026/contracts/IbbtcVaultZap.sol
    line 116 : function setGuardian

    function setGuardian(address _guardian) external {
        _onlyGovernance();
        governance = _guardian;
    }

This wrongly sets the governance address in a function that is meant to set the new guardian address.

Tools Used

Manual review

Recommended Mitigation Steps

Change as below in both contracts' setGuardian functions

function setGuardian(address _guardian) external {
    _onlyGovernance();
    guardian = _guardian;
}
@code423n4 code423n4 added 2 (Med Risk) bug Something isn't working labels Nov 16, 2021
code423n4 added a commit that referenced this issue Nov 16, 2021
@shuklaayush shuklaayush added duplicate This issue or pull request already exists sponsor confirmed labels Nov 16, 2021
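
A regression check for the setter described in the issue above, as an added example that is not part of the original report or the project's code. Only the two `setGuardian` bodies come from the issue; `ZapAuth`, `ReportedZap`, `PatchedZap`, `SetGuardianRegression`, the constructor initialisation, the pragma and the sample address are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal stand-in for the zap's access-control state (hypothetical, not the project's contract).
abstract contract ZapAuth {
    address public governance;
    address public guardian;
    constructor() {
        // Assumption: the deployer starts out holding both roles.
        governance = msg.sender;
        guardian = msg.sender;
    }
    function _onlyGovernance() internal view {
        require(msg.sender == governance, "onlyGovernance");
    }
    function setGuardian(address _guardian) external virtual;
}

// Setter body as reported in the issue.
contract ReportedZap is ZapAuth {
    function setGuardian(address _guardian) external override {
        _onlyGovernance();
        governance = _guardian;
    }
}

// Setter body as recommended in the issue.
contract PatchedZap is ZapAuth {
    function setGuardian(address _guardian) external override {
        _onlyGovernance();
        guardian = _guardian;
    }
}

contract SetGuardianRegression {
    address constant NEW_GUARDIAN = address(0xBEEF); // constructed sample address

    // True only if the setter updated `guardian` and left `governance` unchanged.
    function rolesIntact(ZapAuth zap) public returns (bool) {
        address govBefore = zap.governance();
        zap.setGuardian(NEW_GUARDIAN);
        return zap.guardian() == NEW_GUARDIAN && zap.governance() == govBefore;
    }
    function testPatchedSetterKeepsGovernance() external {
        require(rolesIntact(new PatchedZap()), "guardian setter changed governance");
    }
    function testReportedSetterIsCaught() external {
        require(!rolesIntact(new ReportedZap()), "check failed to flag reported setter");
    }
}
```

Asserting on both roles after every privileged setter, not just the one being set, is what catches this class of copy-paste error.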
@0xleastwood
Collaborator

duplicate of #51
