5 matches found
Previous {Operators/Weights/Threshold} Are Still Able To Sign Off New Commands After Operatorship Is Transferred
Lines of code Vulnerability details The administrator will call AxelarAuthWeighted.transferOperatorship function to transfer the operatorship to a new set of Operators/Weights/Threshold. However, it was observed that after transferring the operatorship to a new set of Operators/Weights/Threshold,...
AxelarAuthWeighted - Can set operators to same values to override OLD_KEY_RETENTION
Lines of code Vulnerability details Impact It is possible to transfer operatorship to the same operators by simply doubling the values of the newWeights array and newThreshold value. This could be used by newly appointed operators to invalidate all previous operators and thus invalidate the...
Malicious operators within epoch can not be manually invalidated
Lines of code Vulnerability details Impact Messages are verified and validated by a set of operators. Operators their weights and threshold are defined per epoch and stored as a hash. Transferring operatorship which means creating a new set of valid operators creates a new epoch. Operator sets th...
Hash Collision Within The epochForHash Mapping
Lines of code Vulnerability details It is not possible for the administrator to transfer operatorship to a new set of Operators/Weights/Threshold that has been previously configured because a hash collision will occur within the epochForHash mapping. Proof-of-Concept Assuming that OLDKEYRETENTION...
AxelarAuthWeighted.sol#_validateSignature fails for valid transaction if early signer submits invalid signature
Lines of code Vulnerability details Impact Valid transactions deemed invalid Proof of Concept for ; operatorIndex function isSortedAscAndContainsNoDuplicateaddress memory accounts internal pure returns bool for uint256 i; i = accountsi + 1 return false; return accounts0 != address0; Va...