Stader Labs - NoamYakov's results

Decentralized ETH liquid staking protocol with 4 ETH bond for anyone to be a node operator.

General Information

Platform: Code4rena

Start Date: 02/06/2023

Pot Size: $100,000 USDC

Total HM: 15

Participants: 75

Period: 7 days

Judge: Picodes

Total Solo HM: 5

Id: 249

League: ETH

Researcher Performance

Rank: 15/75

Findings: 4

Award: $1,855.13

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: ksk2345

Also found by: ChrisTina, NoamYakov

Labels

bug
2 (Med Risk)
satisfactory
edited-by-warden
duplicate-390

Awards

1271.014 USDC - $1,271.01

External Links

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderConfig.sol#L176-L183

Vulnerability details

Impact

If the StaderConfig.updateAdmin() function is invoked with StaderConfig's current admin as _admin (possibly because of a human error), it grants it the admin role (which it already has) and then revokes this role from it.

In this case, the StaderConfig contract is left with no admin forever.

Revert in StaderConfig.updateAdmin() if _admin == oldAdmin

Assessed type

Invalid Validation

#0 - c4-judge

2023-06-12T12:54:08Z

Picodes marked the issue as duplicate of #390

#1 - c4-judge

2023-07-02T09:43:00Z

Picodes marked the issue as satisfactory

Findings Information

Awards

102.2712 USDC - $102.27

Labels

bug
2 (Med Risk)
satisfactory
duplicate-383

External Links

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L14
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L48
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L62

Vulnerability details

Impact

The Auction contract inherits PausableUpgradeable, and therefore is expected to be pausable. Two of its functions (Auction.createLot() and Auction.addBid()) even use the whenNotPaused modifier, to prevent their invocation when the contract is paused.

For the contract to enter a "paused" state, it must call its internal PausableUpgradeable._pause() function. However, this internal function is never called, and as a result, the contract could not be paused.

Add admin functions that call PausableUpgradeable._pause() and PausableUpgradeable._unpause().

Assessed type

Access Control

#0 - c4-judge

2023-06-10T10:45:10Z

Picodes marked the issue as duplicate of #383

#1 - c4-judge

2023-07-02T09:44:31Z

Picodes marked the issue as satisfactory

Findings Information

Awards

102.2712 USDC - $102.27

Labels

bug
2 (Med Risk)
satisfactory
duplicate-383

External Links

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/OperatorRewardsCollector.sol#L16
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/OperatorRewardsCollector.sol#L46

Vulnerability details

Impact

The OperatorRewardsCollector contract inherits PausableUpgradeable, and therefore is expected to be pausable. One of its functions (OperatorRewardsCollector.claim()) even uses the whenNotPaused modifier, to prevent its invocation when the contract is paused.

For the contract to enter a "paused" state, it must call its internal PausableUpgradeable._pause() function. However, this internal function is never called, and as a result, the contract could not be paused.

Add admin functions that call PausableUpgradeable._pause() and PausableUpgradeable._unpause().

Assessed type

Access Control

#0 - c4-judge

2023-06-10T10:45:06Z

Picodes marked the issue as duplicate of #383

#1 - c4-judge

2023-07-02T09:44:29Z

Picodes marked the issue as satisfactory
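
The missing pause entry points reported above for Auction and OperatorRewardsCollector, shown as an added sketch that is not the warden's submission or the project's code. PausableCollectorExample and claimCount are hypothetical, the import paths assume OpenZeppelin Contracts Upgradeable 4.x, and gating both functions on DEFAULT_ADMIN_ROLE is an assumption about who should hold the switch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Assumption: OpenZeppelin Contracts Upgradeable 4.x layout.
import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";

// Hypothetical contract: shows the wiring only, not the Stader logic.
contract PausableCollectorExample is AccessControlUpgradeable, PausableUpgradeable {
    uint256 public claimCount; // placeholder state so claim() does something

    function initialize(address _admin) external initializer {
        __AccessControl_init();
        __Pausable_init(); // starts the contract in the unpaused state
        _grantRole(DEFAULT_ADMIN_ROLE, _admin);
    }

    // Guarded function: whenNotPaused only has an effect if some external
    // function can reach _pause().
    function claim() external whenNotPaused {
        claimCount += 1;
    }

    // The two entry points the findings ask for. _pause() and _unpause() are
    // internal, so without wrappers like these the paused flag can never change.
    function pause() external onlyRole(DEFAULT_ADMIN_ROLE) {
        _pause();
    }

    function unpause() external onlyRole(DEFAULT_ADMIN_ROLE) {
        _unpause();
    }
}
```

A review check that follows from this: any contract that uses whenNotPaused should expose an access-controlled path to both _pause() and _unpause(), and a test should confirm that claim() reverts after pause().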

Findings Information

🌟 Selected for report: josephdara

Also found by: Aymen0909, ChrisTina, NoamYakov, bin2chen, ksk2345

Labels

bug
2 (Med Risk)
downgraded by judge
satisfactory
edited-by-warden
duplicate-133

Awards

463.2846 USDC - $463.28

External Links

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderConfig.sol#L102
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderConfig.sol#L176-L183

Vulnerability details

Impact

The initial admin, which is granted this role in StaderConfig.initialize(), retains its permissions (admin role) after being replaced with another admin via StaderConfig.updateAdmin().

The StaderConfig.updateAdmin() function attempts to revoke the admin role of the admin being replaced, but it fails to do so with the initial admin, because accountsMap[ADMIN] was never set with its address. accountsMap[ADMIN] is updated only via a call to StaderConfig.updateAdmin(), and the admin role wasn't granted to the initial admin via this function.

If the initial admin was replaced due to security concerns (e.g., its credentials were compromised), that replacement won't help because the initial admin would retain its permissions.

Add the following code to StaderConfig.initialize():

accountsMap[ADMIN] = _admin;

Assessed type

Access Control

#0 - c4-judge

2023-06-10T13:27:01Z

Picodes marked the issue as duplicate of #171

#1 - c4-judge

2023-07-02T12:45:26Z

Picodes marked the issue as satisfactory

#2 - c4-judge

2023-07-03T12:11:06Z

Picodes changed the severity to 2 (Med Risk)
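
The two StaderConfig admin findings above (updating the admin to itself, and the initial admin keeping its role) both concern how updateAdmin() tracks the outgoing admin. The model below is an added example, not the warden's submission or the project's code: AdminHandoverModel, hasAdminRole, NotAdmin and SameAdmin are hypothetical names, a plain mapping stands in for the role library, and the constructor plays the part of initialize().

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Hypothetical, dependency-free model of the admin bookkeeping described in
// the findings. It is not the StaderConfig source.
contract AdminHandoverModel {
    bytes32 public constant ADMIN = keccak256("ADMIN");

    // Stand-in for admin-role membership in the access-control library.
    mapping(address => bool) public hasAdminRole;
    // Record of which address is the current admin, as in the findings.
    mapping(bytes32 => address) public accountsMap;

    error NotAdmin();
    error SameAdmin();

    // Plays the part of initialize() in this model.
    constructor(address _admin) {
        hasAdminRole[_admin] = true;
        // Fix for the stale-initial-admin finding: record the first admin,
        // otherwise updateAdmin() reads address(0) as oldAdmin and the
        // initial admin keeps the role after being replaced.
        accountsMap[ADMIN] = _admin;
    }

    function updateAdmin(address _admin) external {
        if (!hasAdminRole[msg.sender]) revert NotAdmin();

        address oldAdmin = accountsMap[ADMIN];
        // Fix for the self-update finding: grant-then-revoke on the same
        // address would leave no account holding the admin role.
        if (_admin == oldAdmin) revert SameAdmin();

        hasAdminRole[_admin] = true;    // grant to the new admin
        accountsMap[ADMIN] = _admin;    // record the new admin
        hasAdminRole[oldAdmin] = false; // revoke from the recorded old admin
    }
}
```

Two tests cover both findings: after a handover, hasAdminRole must be false for the constructor's admin, and updateAdmin() called with the current admin must revert with SameAdmin.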
