Governor admin can rug the protocol by proposing and executing a malicious proposal by himself after the timelock #167
Labels: bug, downgraded by judge, duplicate-239, QA (Quality Assurance), sponsor disputed
Lines of code
https://github.com/code-423n4/2022-10-zksync/blob/456078b53a6d09636b84522ac8f3e8049e4e3af5/ethereum/contracts/zksync/facets/DiamondCut.sol#L22
https://github.com/code-423n4/2022-10-zksync/blob/456078b53a6d09636b84522ac8f3e8049e4e3af5/ethereum/contracts/zksync/facets/DiamondCut.sol#L46
Vulnerability details
Impact
Governor admin can rug the protocol by proposing and executing a malicious proposal by himself after the timelock.
Proof of Concept
There is nothing to stop a compromised governor admin from rugging the protocol by proposing and executing a malicious proposal by himself after the timelock.
The malicious proposal can be adding a malicious facet and stealing user funds.
The malicious proposal can be removing all the diamond facets or freezing all facets.
to complete executing the malicious proposal.
Tools Used
Manual Review
Recommended Mitigation Steps
I think having the governor propose a proposal and requesting at least SECURITY_COUNCIL_APPROVALS_FOR_EMERGENCY_UPGRADE approvals from the security council can make the process of executing a new proposal more decentralized.
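The mitigation suggested in the report, as an added toy model in Python (not the zkSync contracts' code and not part of the report): the same propose, wait, execute flow is run once with the timelock as the only gate and once with a security council quorum required as well. `UpgradeGate`, `NOTICE_PERIOD`, the member names and the threshold value are assumptions; only the constant's name comes from the page.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed values: the page names the constant but not its value or the delay.
SECURITY_COUNCIL_APPROVALS_FOR_EMERGENCY_UPGRADE = 2
NOTICE_PERIOD = 100  # hypothetical timelock, abstract time units

@dataclass
class UpgradeGate:
    """Toy model of propose -> wait -> execute for a diamond cut (hypothetical)."""
    governor: str
    council: frozenset
    require_council: bool            # False = the flow the report describes
    proposal: Optional[str] = None
    proposed_at: int = 0
    approvals: set = field(default_factory=set)

    def propose(self, caller, cut, now):
        if caller != self.governor:
            raise PermissionError("only governor can propose")
        self.proposal, self.proposed_at = cut, now
        self.approvals = set()       # approvals never carry over to a new proposal

    def approve(self, caller, cut):
        if caller not in self.council:
            raise PermissionError("not a security council member")
        if cut != self.proposal:     # approval is bound to the exact pending cut
            raise ValueError("approval does not match pending proposal")
        self.approvals.add(caller)   # a set, so each member counts once

    def execute(self, caller, now):
        if caller != self.governor or self.proposal is None:
            raise PermissionError("not governor or nothing pending")
        if now < self.proposed_at + NOTICE_PERIOD:
            raise RuntimeError("timelock not elapsed")
        quorum = SECURITY_COUNCIL_APPROVALS_FOR_EMERGENCY_UPGRADE
        if self.require_council and len(self.approvals) < quorum:
            raise RuntimeError("insufficient security council approvals")
        done, self.proposal = self.proposal, None
        return done

def governor_alone_can_execute(require_council):
    """True if a single governor key can push a cut through after the timelock."""
    gate = UpgradeGate("gov", frozenset({"c1", "c2", "c3"}), require_council)
    gate.propose("gov", "cut-A", now=0)
    try:
        gate.execute("gov", now=NOTICE_PERIOD)
        return True
    except RuntimeError:
        return False
```

With `require_council=False` the governor key alone is sufficient once the delay has passed; with `True`, execution additionally needs the quorum of distinct council members approving that exact proposal.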