Authorization Bypass Due to Expired Timestamp Check #45
Labels
- 3 (High Risk): Assets can be stolen/lost/compromised directly
- bug: Something isn't working
- duplicate-22
- 🤖_18_group: AI based duplicate group recommendation
- sufficient quality report: This report is of sufficient quality
- unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/ronin-chain/katana-operation-contracts/blob/27f9d28e00958bf3494fa405a8a5acdcd5ecdc5d/src/governance/KatanaGovernance.sol#L378
Vulnerability details
The `_isAuthorized` function allows access when block.timestamp is greater than the expiry timestamp, which is the opposite of the expected behavior. This logic flaw effectively allows accounts to maintain authorization even after the intended expiry period has passed, potentially bypassing security restrictions.

In the Dispatcher.sol contract, the checkAuthorizedV3Path function calls isAuthorized, which relies on the _isAuthorized function to verify permissions. Due to a logic flaw in _isAuthorized, accounts are incorrectly granted authorization after the expiry timestamp has passed. This unintended behavior could allow unauthorized access to critical functionality, leading to potential misuse or exploitation of restricted actions.
This vulnerability has high severity because it bypasses intended security restrictions.
Mitigation:
Assessed type
Access Control
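
The boundary behaviour this report turns on can be pinned down with a small test around the expiry timestamp. The following Python model is an added example, not code from the report or from KatanaGovernance.sol; the function names, the treatment of `now == expiry`, and the sample expiry value are assumptions made for illustration.

```python
"""Constructed model of an expiry comparison; not the contract's source."""
from typing import Callable, Dict, Optional

Check = Callable[[int, int], bool]  # (expiry, now) -> authorized?


def check_as_reported(expiry: int, now: int) -> bool:
    # Behaviour the report describes: access is allowed once now > expiry.
    return now > expiry


def check_as_expected(expiry: int, now: int) -> bool:
    # Behaviour the report expects: access ends once the expiry has passed.
    # Treating now == expiry as still valid is an assumption of this model.
    return now <= expiry


def first_grant_after_expiry(check: Check, expiry: int,
                             horizon: int = 3) -> Optional[int]:
    """Earliest timestamp in (expiry, expiry + horizon] at which `check`
    still authorizes, or None if access stays revoked over that range."""
    for now in range(expiry + 1, expiry + horizon + 1):
        if check(expiry, now):
            return now
    return None


def authorized_window(check: Check, expiry: int,
                      span: int = 2) -> Dict[int, bool]:
    """Answer of `check` for every timestamp within `span` of the expiry."""
    return {now: check(expiry, now)
            for now in range(expiry - span, expiry + span + 1)}


if __name__ == "__main__":
    EXPIRY = 1_700_000_000  # constructed sample value
    for name, check in (("as reported", check_as_reported),
                        ("as expected", check_as_expected)):
        print(name, authorized_window(check, EXPIRY, span=1),
              "first grant after expiry:",
              first_grant_after_expiry(check, EXPIRY))
```

The same three-point sweep (one second before, at, and after the expiry) works as a regression test against whichever semantics the contract's specification intends.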