Incorrect access control for announcer registry
Description
The announcer registry should not be able to withdraw funds from, or deposit funds to, the treasury. The treasury verifies the source of a message by calculating the hash of the approver and comparing it with approver_mod_hash, which is provided via the solution. It then verifies that approver_mod_hash is in approval_mod_hashes via the following check:
(contains approval_mod_hashes approver_mod_hash)
However, approval_mod_hashes contains the hashes of the following five mods, one of which is the announcer registry:
collateral_vault.clsp
surplus_auction.clsp
recharge_auction.clsp
savings_vault.clsp
announcer_registry.clsp
Impact
Because approval_mod_hashes includes the mod hash of the announcer registry, the treasury grants the announcer registry the same ability to deposit to and withdraw from the treasury as the four vault and auction mods, even though it should not have that access. The conditions returned by the announcer registry are verified and currently contain no condition that moves treasury funds, so this is not exploitable today. Any future change to the announcer registry (or to the treasury's verification of it) could, however, turn this over-broad allow-list into a path for withdrawing funds from the treasury.
Recommendations
We recommend verifying that approver_mod_hash matches one of the first four mods in approval_mod_hashes (collateral_vault.clsp, surplus_auction.clsp, recharge_auction.clsp and savings_vault.clsp), rather than any entry in the list, so that announcer_registry.clsp is excluded from treasury fund movement.
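The following Python model illustrates both the current treasury check from the Description and the narrowed allow-list from the Recommendations. It is an added example for this report and is not the project's Chialisp code: the five mods are constructed stand-in CLVM values rather than the real compiled puzzles, the hash is assumed to be the standard CLVM sha256tree used for Chia mod hashes, and the treasury is simplified to receiving the approver program and its claimed mod hash directly in the solution. The function and variable names (current_treasury_check, recommended_treasury_check, TREASURY_FUND_MOD_HASHES) are hypothetical.

```python
import hashlib
from typing import List, Tuple, Union

# Minimal CLVM value model: an atom is bytes, a pair is a 2-tuple (first, rest).
CLVM = Union[bytes, tuple]


def sha256tree(value: CLVM) -> bytes:
    """CLVM tree hash, as used for Chia puzzle/mod hashes:
    atoms hash as sha256(0x01 || atom), pairs as sha256(0x02 || hash(first) || hash(rest))."""
    if isinstance(value, bytes):
        return hashlib.sha256(b"\x01" + value).digest()
    first, rest = value
    return hashlib.sha256(b"\x02" + sha256tree(first) + sha256tree(rest)).digest()


# Constructed stand-ins for the five compiled mods, in the order the finding lists them.
# Real mods are compiled Chialisp programs; one distinct value per mod is enough to get
# distinct hashes for the purpose of this example.
MODS: List[Tuple[str, CLVM]] = [
    ("collateral_vault.clsp", (b"collateral_vault", b"")),
    ("surplus_auction.clsp", (b"surplus_auction", b"")),
    ("recharge_auction.clsp", (b"recharge_auction", b"")),
    ("savings_vault.clsp", (b"savings_vault", b"")),
    ("announcer_registry.clsp", (b"announcer_registry", b"")),
]
MOD_HASH = {name: sha256tree(program) for name, program in MODS}

# approval_mod_hashes as the treasury currently sees it: all five mods.
APPROVAL_MOD_HASHES: List[bytes] = [MOD_HASH[name] for name, _ in MODS]
# The allow-list the treasury should use for fund movement: the first four mods only
# (hypothetical name for the recommended restriction).
TREASURY_FUND_MOD_HASHES: List[bytes] = APPROVAL_MOD_HASHES[:4]


def contains(haystack: List[bytes], needle: bytes) -> bool:
    """Python equivalent of the (contains approval_mod_hashes approver_mod_hash) check."""
    return any(h == needle for h in haystack)


def approver_is_valid(approver: CLVM, approver_mod_hash: bytes, allow_list: List[bytes]) -> bool:
    """Treasury-side check: the hash claimed in the solution must match the approver actually
    supplied (so a caller cannot simply claim a vault's hash), and must be in the allow-list."""
    if sha256tree(approver) != approver_mod_hash:
        return False
    return contains(allow_list, approver_mod_hash)


def current_treasury_check(approver: CLVM, approver_mod_hash: bytes) -> bool:
    """Current behaviour: any of the five mods, including the announcer registry, is accepted."""
    return approver_is_valid(approver, approver_mod_hash, APPROVAL_MOD_HASHES)


def recommended_treasury_check(approver: CLVM, approver_mod_hash: bytes) -> bool:
    """Recommended behaviour: only the four fund-moving mods are accepted."""
    return approver_is_valid(approver, approver_mod_hash, TREASURY_FUND_MOD_HASHES)


def mod(name: str) -> CLVM:
    """Look up a stand-in mod by file name."""
    return dict(MODS)[name]


if __name__ == "__main__":
    registry = mod("announcer_registry.clsp")
    registry_hash = MOD_HASH["announcer_registry.clsp"]
    print("current check accepts announcer registry:    ", current_treasury_check(registry, registry_hash))
    print("recommended check accepts announcer registry:", recommended_treasury_check(registry, registry_hash))
```

The hash-equality step matters in both variants: without it, a solution could name a vault's mod hash while supplying an unrelated approver. The membership step is where the finding lies; the only change the recommendation requires is which list that step consults.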
Remediation
Voltage Technologies Ltd. commented that future changes to the announcer registry and treasury are not expected. As such, because this is not currently a vulnerability, no remediation is necessary.