Report #30049

Report Date
April 13, 2024
Status
Closed
Payout

Unrestricted Role Modification in AccessControl Contract

Report Info

Report ID

#30049

Report type

Smart Contract

Has PoC?

Yes

Target

https://etherscan.io/address/0xBEA0000029AD1c77D3d5D23Ba2D8893dB9d1Efab

Impacts

  • Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield

Description

VRT (Vulnerability Rating Taxonomy): 8.6 (High)

CVSS (Common Vulnerability Scoring System): 9.2 (Critical)

Description: The AccessControl contract allows for dynamic role assignment and revocation without enforcing proper access control checks. As a result, any address can call the grantRole and revokeRole functions, leading to unauthorized modification of roles.

Impact: An attacker exploiting this vulnerability could gain unauthorized access to sensitive functions or resources controlled by specific roles, bypassing intended access controls. This could result in severe financial losses, data breaches, or disruption of contract operations.

Proof of Concept (PoC):

  1. Deploy the AccessControl contract on the Ethereum network.
  2. Obtain the contract address (e.g., 0xC1E088fC1323b20BCBee9bd1B9fC9546db5624C5).
  3. Use any Ethereum wallet or script to call the grantRole or revokeRole functions with arbitrary roles and addresses as arguments.
  4. Verify that the role modifications are executed without requiring proper authorization.

Recommended Fix: Implement access control checks within the grantRole and revokeRole functions to ensure that only authorized administrators can perform role modifications. This can be achieved by validating the sender's permissions against the designated admin role associated with each role.

Proof of concept

Proof of Concept (PoC):

  1. Deploy the AccessControl contract on the Ethereum network.
  2. Obtain the contract address (e.g., 0xC1E088fC1323b20BCBee9bd1B9fC9546db5624C5).
  3. Use any Ethereum wallet or script to call the grantRole or revokeRole functions with arbitrary roles and addresses as arguments.
  4. Verify that the role modifications are executed without requiring proper authorization.
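The check the recommended fix describes, as an added illustration that is not code from the reported contract or from Beanstalk: a minimal role registry whose grantRole/revokeRole accept any caller, placed beside a hardened version that gates both functions on the admin role of the role being changed (the pattern used by OpenZeppelin's AccessControl). The contract names, the custom error and the setRoleAdmin function are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the reported contract): a role registry with the defect the
// report claims. Nothing inspects msg.sender, so any address can grant or revoke
// any role, including whatever role gates privileged functions elsewhere.
contract UnguardedRoles {
    mapping(bytes32 => mapping(address => bool)) internal _members;

    event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
    event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);

    function hasRole(bytes32 role, address account) public view returns (bool) {
        return _members[role][account];
    }

    // DEFECT: no authorization check on the caller.
    function grantRole(bytes32 role, address account) external {
        _members[role][account] = true;
        emit RoleGranted(role, account, msg.sender);
    }

    // DEFECT: same missing check; an admin can be stripped of its role by anyone.
    function revokeRole(bytes32 role, address account) external {
        _members[role][account] = false;
        emit RoleRevoked(role, account, msg.sender);
    }
}

// Hardened form: every role has an admin role, and grantRole/revokeRole require
// the caller to hold the admin role of the role being modified. Roles with no
// explicit admin fall back to DEFAULT_ADMIN_ROLE (bytes32 zero), which is its
// own admin, so a single initial admin can bootstrap the whole hierarchy.
contract GuardedRoles {
    bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;

    mapping(bytes32 => mapping(address => bool)) internal _members;
    mapping(bytes32 => bytes32) internal _adminRole; // unset entries read as DEFAULT_ADMIN_ROLE

    event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
    event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
    event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);

    // Assumed error name for this example; reverts carry who called and which role was required.
    error AccessControlUnauthorizedAccount(address account, bytes32 neededRole);

    // The guard the report's recommended fix asks for: validate msg.sender
    // against the designated admin role of the role being changed.
    modifier onlyRole(bytes32 role) {
        if (!_members[role][msg.sender]) {
            revert AccessControlUnauthorizedAccount(msg.sender, role);
        }
        _;
    }

    constructor(address initialAdmin) {
        _members[DEFAULT_ADMIN_ROLE][initialAdmin] = true;
        emit RoleGranted(DEFAULT_ADMIN_ROLE, initialAdmin, msg.sender);
    }

    function hasRole(bytes32 role, address account) public view returns (bool) {
        return _members[role][account];
    }

    function getRoleAdmin(bytes32 role) public view returns (bytes32) {
        return _adminRole[role];
    }

    // Only a holder of the admin role for `role` may grant it.
    function grantRole(bytes32 role, address account) external onlyRole(getRoleAdmin(role)) {
        _members[role][account] = true;
        emit RoleGranted(role, account, msg.sender);
    }

    // Only a holder of the admin role for `role` may revoke it.
    function revokeRole(bytes32 role, address account) external onlyRole(getRoleAdmin(role)) {
        _members[role][account] = false;
        emit RoleRevoked(role, account, msg.sender);
    }

    // Re-parenting a role is itself a privileged change and is gated on the
    // role's current admin, so the hierarchy cannot be rewired by outsiders.
    function setRoleAdmin(bytes32 role, bytes32 adminRole) external onlyRole(getRoleAdmin(role)) {
        bytes32 previous = _adminRole[role];
        _adminRole[role] = adminRole;
        emit RoleAdminChanged(role, previous, adminRole);
    }
}
```

A triager assessing a claim like this one reads the verified source of the target on Etherscan and confirms whether grantRole and revokeRole carry an onlyRole(getRoleAdmin(role)) guard, or an equivalent require on msg.sender, before treating a scanner flag as a finding; a transaction from a non-admin address that reverts with the unauthorized error is the cheapest evidence that the guard is present, and a successful role change from such an address would be the evidence the report needed to show.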

Immunefi Response

Thank you for submitting your vulnerability report to the Beanstalk bug bounty program. We appreciate your efforts and taking the time to report vulnerabilities to us. We have reviewed your submission, but unfortunately, we are closing the report for the following reasons:
  • The submission contains the output of an automated scanner without demonstrating that it is a valid issue.
  • The submission lacks the required information regarding the vulnerability's impact on the reported asset.

As per the bug bounty program's policy, we require all submissions to be accompanied by a Proof of Concept (PoC) that demonstrates the vulnerability's existence and impact. Since the submission doesn't provide any proof of the vulnerability's existence, we have decided to close it.

Please note that the project will receive a report of the closed submission and may choose to re-open it, but they are not obligated to do so.