Intended configuration of recoveryDelay < timelockDelay allows for malicious takeover by recovery spells
#15
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
nullified
Issue is high quality, but not accepted
primary issue
Highest quality submission among a set of duplicates
🤖_38_group
AI based duplicate group recommendation
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
sufficient quality report
This report is of sufficient quality
Comments
howlbot-integration
bot
added
2 (Med Risk)
|
This is a known issue, already covered in the docs, see guardian scenarios https://github.com/code-423n4/2024-10-kleidi/blob/main/docs/EDGECASES.md#guardian |
|
all of these parameters will be enforced from the frontend as there is no way to enforce them onchain without revealing the recovery spells |
ElliotFriedman
added
the
sponsor disputed
|
I don't believe this is valid There is no one intended configuration, the EDGECASES and Readme make it clear that it "depends on who you trust" This seems like a known feature of the system |
|
GalloDaSballo marked the issue as nullified |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2024-10-kleidi/blob/ab89bcb443249e1524496b694ddb19e298dca799/src/RecoverySpell.sol#L95-L127
Vulnerability details
Vulnerability Details
Impact
RecoverySpell.solstates that it is of CRITICAL importance for the deployer to have recovery spells with thedelayfor therecoverySpellto become executable (hereafter referred to asrecoveryDelay) shorter than thedelayfor a scheduled proposal to become executable inTimelock.sol(hereafter referred to astimelockDelay)Even though it is only a comment, it says that the condition should be met by default and is basically a rule that should be followed, but that it is not possible to enforce that in the smart contracts.
This will make deployers to follow the comment's instructions. However, if the recovery spell is malicious, they will lose their safe.
Proof of Concept
The attacker creates a recovery spell with
recoveryDelay = 10 days.The deployer creates a new system instance with the malicious recovery spell and a
timelockDelayof20 days. He chooses this delay because of the comment that says it is of critical importance for the following to be true:recoveryDelay < timelockDelay.The
recoveryDelayruns out and the malicious recovery spell gets executed.Recommended Mitigation Steps
The timing constraints recommended to be used by the protocol are unsafe and the protocol needs to assess which timing constraints are not exploitable, if such timing constraints exist.
It should also be assessed whether it is possible to enforce the timing constraints in the smart contracts.
Assessed type
Timing
The text was updated successfully, but these errors were encountered: