Axelar Network contest - dirk_y's results

Decentralized interoperability network.

General Information

Platform: Code4rena

Start Date: 07/04/2022

Pot Size: $50,000 USDC

Total HM: 5

Participants: 19

Period: 5 days

Judge: 0xean

Total Solo HM: 4

Id: 109

League: COSMOS

Researcher Performance

Rank: 10/19

Findings: 1

Award: $358.65

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: IllIllI

Also found by: CertoraInc, Dravee, Funen, cccz, delfin454000, dirk_y, ilan, rayn, rishabh

Labels

bug
QA (Quality Assurance)
sponsor acknowledged

Awards

358.6549 USDC - $358.65

Low Risk Findings

Through my review of this project I have found 1 low-risk issue. The issue lies in the `AdminMultisigBase` contract here. Currently, all the admins are set up during the initial call to `setup` in `AxelarGatewayMultisig` here. However, there is currently no way to change the admins without voting on updating the implementation.

What if some of the admins left the project? There should be the ability to change/add/remove admins if a majority of the admins vote to do so, to avoid situations where admins are inactive or an event such as a disagreement causes them to be nefarious instead. This change would involve adding the relevant methods in `AdminMultisigBase` and the corresponding hooks/methods in `AxelarGatewayMultisig` or `AxelarGateway` to make these internal methods accessible.

#0 - deluca-mike

2022-04-19T18:26:42Z

Good find, and while we did know about this a while ago, the issue is that we'd rather the gateway be frozen in its implementation and we move onto another gateway if needed, rather than incentivizing the "elimination" of admins so that the remaining admins can take control.
