Backd contest - gs8nrv's results

Maximize the power of your assets and start earning yield

General Information

Platform: Code4rena

Start Date: 21/04/2022

Pot Size: $100,000 USDC

Total HM: 18

Participants: 60

Period: 7 days

Judge: gzeon

Total Solo HM: 10

Id: 112

League: ETH

Backd

Findings Distribution

Researcher Performance

Rank: 31/60

Findings: 1

Award: $293.06

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: hubble

Also found by: TrungOre, antonttc, csanuragjain, gs8nrv, rayn, reassor

Labels

bug
duplicate
2 (Med Risk)
reviewed

Awards

293.0606 USDC - $293.06

External Links

Lines of code

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/access/RoleManager.sol#L155

Vulnerability details

Impact

In the file RoleManager.sol the function _revokeRole doesn't remove the account from the _roleMembers[role] set.

This makes getRoleMemberCount wrong (in the else branch), which in turn makes the renounceGovernance require on the number of governors useless and risky, as the protocol could end up with no governance at all. Among other things, this implies that no account would be admin of all other roles, since the Governance Role is the admin of every other role. So if the last governor is removed, access control would be frozen for the whole protocol.

Proof of Concept

(1) https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/access/RoleManager.sol#L155

Tools Used

Hardhat-ts testing

Recommended Mitigation Steps

Remove the corresponding account from the set for the role.
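The bug and its fix side by side, as an added example that is not the project's code: a sketch of a role manager in which a _revokeRole of the shape the finding describes (flag cleared, member set untouched) sits next to a version that removes the account, together with the renounceGovernance guard that depends on getRoleMemberCount. RoleManagerSketch, _revokeRoleBuggy and the inline enumerable set are assumptions for the illustration, not Backd's implementation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed sketch, not Backd's RoleManager.sol; RoleManagerSketch and _revokeRoleBuggy are assumed names.
contract RoleManagerSketch {
    bytes32 public constant GOVERNANCE_ROLE = keccak256("GOVERNANCE_ROLE");
    mapping(bytes32 => mapping(address => bool)) private _roles;
    // Minimal enumerable set: member list plus 1-based index for O(1) removal.
    mapping(bytes32 => address[]) private _roleMembers;
    mapping(bytes32 => mapping(address => uint256)) private _memberIndex;
    constructor() { _grantRole(GOVERNANCE_ROLE, msg.sender); }
    modifier onlyGovernance() {
        require(_roles[GOVERNANCE_ROLE][msg.sender], "not governance");
        _;
    }
    function getRoleMemberCount(bytes32 role) public view returns (uint256) {
        return _roleMembers[role].length;
    }
    function grantRole(bytes32 role, address a) external onlyGovernance { _grantRole(role, a); }
    function revokeRole(bytes32 role, address a) external onlyGovernance { _revokeRole(role, a); }
    // The guard the finding calls useless: with a stale set, the last real governor passes it and leaves no governance.
    function renounceGovernance() external onlyGovernance {
        require(getRoleMemberCount(GOVERNANCE_ROLE) > 1, "need another governor");
        _revokeRole(GOVERNANCE_ROLE, msg.sender);
    }
    function _grantRole(bytes32 role, address a) internal {
        if (_roles[role][a]) return;
        _roles[role][a] = true;
        _roleMembers[role].push(a);
        _memberIndex[role][a] = _roleMembers[role].length; // 1-based
    }

    // BUGGY shape from the finding: flag cleared, set untouched, so getRoleMemberCount still counts the account.
    function _revokeRoleBuggy(bytes32 role, address a) internal {
        _roles[role][a] = false;
    }

    // FIXED: swap-and-pop the account out of the set so the count stays truthful.
    function _revokeRole(bytes32 role, address a) internal {
        if (!_roles[role][a]) return;
        _roles[role][a] = false;
        address[] storage members = _roleMembers[role];
        uint256 idx = _memberIndex[role][a];            // 1-based position of a
        address last = members[members.length - 1];
        members[idx - 1] = last;                        // move last member into a's slot
        _memberIndex[role][last] = idx;
        members.pop();
        delete _memberIndex[role][a];
    }
}
```

Wiring revokeRole to _revokeRoleBuggy instead reproduces the finding in a Hardhat test: grant a second governor, revoke it, and renounceGovernance still passes its count check although only one real governor is left, which is exactly the frozen-governance state the Impact section describes.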

#0 - chase-manning

2022-04-28T11:48:27Z

Duplicate of #164
