Omniscia Kanpeki Finance Audit
ContractRegistry Manual Review Findings
ContractRegistry Manual Review Findings
CRY-01M: Central Point of Failure
Type | Severity | Location |
---|---|---|
Logical Fault | Medium | ContractRegistry.sol:L20-L31 |
Description:
The register
function assigns where a particular key points to in the implementations mapping, meaning that it is possible to arbitrarily set the values of sensitive contract implementations such as the deposit and borrow managers that can be approved by Vaults and cause a complete compromisation of the system.
Example:
20function register (bytes32 key, address implementation) external onlyOwner21{22 require(key != bytes32(0), "!valid key");23 require(implementation != address(0), "!valid impl");24 require(_implementation[key] != implementation, "reg'd");25
26
27 _implementation[key] = implementation;28
29
30 emit Register(key, implementation);31}
Recommendation:
We strongly recommend the function's ability to overwrite existing entries to be re-evaluated and to potentially enforce some form of queued execution instead of allowing the entries to be written to immediately, thus allowing users to react in case of a malicious adjustment while still allowing normal upgrades to progress.
Alleviation:
A novel queue system was introduced that permits key-value changes to be queued and consequently stored after a day. We should note that the system is initialized in a non-queued state and changes to a queued state irreversibly, however, we consider this exhibit adequately dealt with.