Assessment reportsPublic findings
Back to Zellic site
Assessment reports>MightyNet>Low findings>Restriction pattern creates centralization risk
GeneralOverview
Findings
Low (2)Missing registry check in `restrict`Restriction pattern creates centralization risk
Informational (2)
DiscussionContracts are upgradeableTransfer restriction logic omitted in ERC721RestrictableDocumentation
Threat ModelsWhat are threat models?MightyNetERC721RestrictedRegistry.sol
Audit ResultsSummary
Category: Business Logic

Restriction pattern creates centralization risk

Low Severity
Low Impact
Low Likelihood

Description

The MightyNetERC721RestrictedRegistry contract gives approved users or contracts the ability to restrict specific tokens.

function restrict(
    address tokenContract,
    uint256[] calldata tokenIds
) external override onlyRole(RESTRICTOR_ROLE) nonReentrant whenNotPaused {
    uint256 tokenCount = tokenIds.length;
    if (tokenCount == 0) {
        revert InvalidTokenCount(tokenCount);
    }
    for (uint256 i = 0; i < tokenCount; ++i) {
        uint256 tokenId = tokenIds[i];
        if (!ERC721Restrictable(tokenContract).exists(tokenId)) {
            revert InvalidToken(tokenContract, tokenId);
        }
        bytes32 tokenHash = keccak256(
            abi.encodePacked(tokenContract, tokenId)
        );
        if (_isRestricted(tokenHash)) {
            revert TokenAlreadyRestricted(tokenContract, tokenId);
        }
        _tokenRestrictions[tokenHash] = msg.sender;
    }
    emit Restricted(tokenContract, tokenIds);
}

Any address with the RESTRICTOR_ROLE can invoke this function to restrict any token in any token contract, without approval by users. Further, only the address that added a token's restriction is able to remove the restriction.

Impact

This exposes all assets to risks in approved contracts. If any such contracts experience key compromises, upgrade issues, or implementation vulnerabilities, then arbitrary assets might become locked. Additionally, this restriction pattern requires that both the admin and all approved contracts are highly trusted by users.

Recommendations

We recommend that Mighty Bear Games

  • implement a system where users first approve restrictions,

  • use token transfers to hold staked assets, or

  • clearly document trust assumptions associated with restrictors.

Remediation

Mighty Bear Games acknowledges this. As per their response, they have decided to go with the third recommendation and clearly document trust assumptions with restrictors.

The following is their provided response:

We are updating the readme to address this. Once the next deployment is done, we are planning to create a public github repository so that this readme can be player facing. We will also link to the repository from the whitepaper and a public facing FAQ page.

Zellic © 2024Back to top ↑