Code4rena: CODE423N4:2022-01-LIVEPEER-FINDINGS-ISSUES-195
Jan 19, 2022 - 12:00 a.m.

[WP-M2] DEFAULT_ADMIN_ROLE can approve arbitrary address to spend any amount from the L1Escrow contract

Code4rena
github.com
vulnerability
centralization risk
token approval

Handle

WatchPug

Vulnerability details

function approve(
    address _token,
    address _spender,
    uint256 _value
) public onlyRole(DEFAULT_ADMIN_ROLE) {
    ApproveLike(_token).approve(_spender, _value);
    emit Approve(_token, _spender, _value);
}

L1Escrow.sol#approve() allows an address with DEFAULT_ADMIN_ROLE to approve an arbitrary amount of tokens to any address.

We believe this is unnecessary and poses a serious centralization risk.

A malicious or compromised DEFAULT_ADMIN_ROLE address can take advantage of this, and steal all the funds from the L1Escrow contract.

Recommendation

Consider removing the approve() function and approving l1LPT to l1Gateway in the constructor.
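
A sketch of the recommended shape, added here as an illustration and not taken from the finding or from the Livepeer code base. The contract name, the constructor parameters, the IERC20Approve interface and the revert strings are assumptions; only the names l1LPT and l1Gateway come from the recommendation above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: hypothetical escrow with the allowance fixed at deployment.
// Assumes the token follows the ERC-20 standard and returns a bool from approve().
interface IERC20Approve {
    function approve(address spender, uint256 value) external returns (bool);
}

contract L1EscrowFixedAllowance {
    // Immutable: neither the escrowed token nor its single spender can be
    // changed after deployment, by any role.
    address public immutable l1LPT;
    address public immutable l1Gateway;

    event Approve(address indexed token, address indexed spender, uint256 value);

    constructor(address _l1LPT, address _l1Gateway) {
        require(_l1LPT != address(0), "ZERO_TOKEN");
        require(_l1Gateway != address(0), "ZERO_GATEWAY");

        l1LPT = _l1LPT;
        l1Gateway = _l1Gateway;

        // The only approval this contract ever grants: l1LPT to l1Gateway.
        require(
            IERC20Approve(_l1LPT).approve(_l1Gateway, type(uint256).max),
            "APPROVE_FAILED"
        );
        emit Approve(_l1LPT, _l1Gateway, type(uint256).max);
    }

    // No approve() entry point is exposed, so a compromised
    // DEFAULT_ADMIN_ROLE key has no path to grant a new spender.
}
```

With the allowance fixed this way, replacing the gateway means deploying a new escrow and migrating the funds, and the escrowed balance is only as safe as the l1Gateway contract that holds the allowance.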

