Formal Rusty Aardvark
High
The misuse of the Pausable mechanism will cause a complete loss of access to the contract for users as a malicious admin will pause all operations, blocking user interactions.
In MasterAMO.sol, the management of the Pausable mechanism lacks checks to prevent misuse of administrative privileges, particularly regarding the ability to pause and unpause the contract without a governance mechanism in place.
In MasterAMO.sol:76, the function pause() can be called by any address with PAUSER_ROLE, which can be manipulated if the admin role is compromised.
Admin needs to have the PAUSER_ROLE assigned to pause the contract. A malicious user needs to gain control of the admin role or PAUSER_ROLE.
No external protocol conditions need to be met to exploit this vulnerability.
A malicious actor gains access to the admin wallet or directly compromises the role assigned to a trusted account. The malicious actor calls the pause() function on the MasterAMO contract, effectively pausing all operations. Users are unable to interact with the contract, preventing them from withdrawing funds or performing any transactions.
The users suffer a total loss of access to their funds in the contract. The attacker gains control over the contract's operations without any loss, effectively locking out legitimate users.
// SPDX-License-Identifier: MIT pragma solidity ^0.8.19;
import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
contract MaliciousActor { PausableUpgradeable public targetContract;
constructor(address _target) {
targetContract = PausableUpgradeable(_target);
}
function exploit() public {
targetContract.pause(); // Calls the pause function without restrictions
}
}
To mitigate this issue, implement a governance mechanism requiring a majority vote to pause or unpause the contract. Additionally, consider implementing time locks for critical operations to prevent sudden changes that could adversely affect users.