Broad Jetblack Alligator
Medium
The fixed role assignment at contract initialization poses a security risk, as compromised admin accounts cannot be revoked or replaced, potentially allowing unauthorized control over essential contract functions.
In MasterUtils.sol, the initialize function sets up roles using _setupRole without providing mechanisms to change or revoke these roles.
- The contract needs to be deployed and initialized.
- Roles (DEFAULT_ADMIN_ROLE, OPERATOR_ROLE, SETTER_ROLE, WITHDRAWER_ROLE) are assigned to specific addresses during initialization.
A role address gets hacked.
- An attacker gains control of a critical address (e.g., OPERATOR_ROLE).
- They can perform unauthorized actions, like altering essential parameters.
- The protocol owners are unable to revoke the compromised role or assign it to a secure address.
The protocol risks losing control over essential functions, which may result in financial losses, unauthorized alterations to contract parameters, or complete contract failure, impacting all users and stakeholders.
No response
Implement functions to revoke and reassign roles, accessible only by the DEFAULT_ADMIN_ROLE or the WITHDRAWER_ROLE, because it is a multisig.
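One way to implement the recommended revoke and reassign functions, as an added example that is not code from MasterUtils.sol or from the protocol. It assumes the contract inherits OpenZeppelin's AccessControlUpgradeable (4.x line, 4.4 or later, which provides `_setupRole`, `_grantRole` and `_revokeRole`); the `RoleRotation` contract, its functions, errors and event, and the `keccak256("WITHDRAWER_ROLE")` role id are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Assumption: OpenZeppelin Contracts Upgradeable 4.x (>= 4.4).
import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";

// Hypothetical mixin illustrating the mitigation; not the project's own code.
abstract contract RoleRotation is AccessControlUpgradeable {
    // Assumption: the real contract derives its role id the same way.
    bytes32 public constant WITHDRAWER_ROLE = keccak256("WITHDRAWER_ROLE");

    event RoleReassigned(bytes32 indexed role, address indexed from, address indexed to, address caller);

    error NotRoleManager(address caller);
    error InvalidAccount();
    error NotRoleHolder(bytes32 role, address account);

    // Only DEFAULT_ADMIN_ROLE or the WITHDRAWER_ROLE multisig may manage roles.
    modifier onlyRoleManager() {
        if (!hasRole(DEFAULT_ADMIN_ROLE, msg.sender) && !hasRole(WITHDRAWER_ROLE, msg.sender)) {
            revert NotRoleManager(msg.sender);
        }
        _;
    }

    // Remove a role from a compromised address without naming a successor yet.
    function revokeCompromised(bytes32 role, address account) external onlyRoleManager {
        if (!hasRole(role, account)) revert NotRoleHolder(role, account);
        _revokeRole(role, account); // emits RoleRevoked
    }

    // Rotate a role in one transaction so it is never left unassigned
    // and the old holder cannot act between the revoke and the grant.
    function reassignRole(bytes32 role, address from, address to) external onlyRoleManager {
        if (to == address(0) || to == from) revert InvalidAccount();
        if (!hasRole(role, from)) revert NotRoleHolder(role, from);
        _revokeRole(role, from); // emits RoleRevoked
        _grantRole(role, to);    // emits RoleGranted
        emit RoleReassigned(role, from, to, msg.sender);
    }
}
```

Because either manager role can rotate any role here, including DEFAULT_ADMIN_ROLE, this only narrows the trust boundary if both manager roles are held by a multisig.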