Flat Gingerbread Cobra
High
The protocol admin or a compromised admin can transfer all the tokens from the MasterAMO contract .
Before the deploying of the MasterAMO contract , it is initialized with a set of parameters , one which is the granting of DEFAULT_ADMIN_ROLE to an admin.
The DEFAULT_ADMIN_ROLE when granted to an address , has the ability to grant and revoke any role as seen on L116 of the MasterAMO contract.
Any address granted the WITHDRAWER_ROLE has the ability to transfer tokens from the contract to any arbitrary address . This is done by calling function withdrawERC20() which is only callable by any address granted the WITHDRAWER_ROLE .
This is problematic because if the admin is compromised or malicious , they have the ability to transfer every token from the contract to an arbitrary address.
No response
No response
No response
Protocol will loose funds No response
function withdrawERC20(
address token,
uint256 amount,
address recipient
) external override onlyRole(WITHDRAWER_ROLE) {
if (recipient == address(0)) revert ZeroAddress();
@> IERC20Upgradeable(token).safeTransfer(recipient, amount);
}Withdrawals should be restricted to a multisig wallet