Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic site

Assessment reports>Security Policy>Threat Model>enableSecurityPolicies

GeneralOverview

DiscussionReturn datasize unchecked Bypassing Security Policies

Threat ModelWhat are threat models?ERC7484SecurityPolicy.sol

SecurityPolicyManagerPlugin.sol checkAndEnableModule checkSetupAndEnableModule disableSecurityPoliciesRange disableSecurityPolicy enableSecurityPolicies enableSecurityPolicy

Audit ResultsSummary

Function: `enableSecurityPolicies(ISecurityPolicyPlugin[] _policies)`

This enables security policies, inserting into the linked list.

Inputs

_policies
- Control: Full.
- Constraints: policies[x] != SENTINEL && policies[x] != 0x0.
- Impact: The policies.

Branches and code coverage (including function calls)

Intended branches

Policies are added into the linked list in order.
Test coverage
Length should increase in accordance to the number of policies added.
Test coverage
Works twice in a row.
Test coverage

Negative behavior

Inserted Security Policies cannot be the sentinel address.
Negative test
Inserted Security Policies cannot be 0x0.
Negative test
Can fully remove all the policies.
Negative test

Zellic © 2024Back to top ↑