ContractRegistry Manual Review Findings

CRY-01M: Central Point of Failure

Description:

The register function assigns where a particular key points to in the implementations mapping, meaning that it is possible to arbitrarily set the values of sensitive contract implementations such as the deposit and borrow managers that can be approved by Vaults and cause a complete compromisation of the system.

Example:

Copy
20function register (bytes32 key, address implementation) external onlyOwner
21{
22  require(key != bytes32(0), "!valid key");
23  require(implementation != address(0), "!valid impl");
24  require(_implementation[key] != implementation, "reg'd");
25
26
27  _implementation[key] = implementation;
28
29
30  emit Register(key, implementation);
31}

Recommendation:

We strongly recommend the function's ability to overwrite existing entries to be re-evaluated and to potentially enforce some form of queued execution instead of allowing the entries to be written to immediately, thus allowing users to react in case of a malicious adjustment while still allowing normal upgrades to progress.

Alleviation:

A novel queue system was introduced that permits key-value changes to be queued and consequently stored after a day. We should note that the system is initialized in a non-queued state and changes to a queued state irreversibly, however, we consider this exhibit adequately dealt with.