Analysis of OZ TimelockController security vulnerability patch

Timelock vulnerability tweet from OZ
Commit with the patch

TimelockController logic

  • schedule, which sets the timelock for a specific function call, and
  • execute, which executes the scheduled function call after the delay has passed.

Vulnerability analysis

Exploit

  • updateDelay on timelock controller ceontract, setting delay to 0 and allowing to execute proposals in the same block they are submitted,
  • grantRole on timelock controller to grant ADMIN role to the contract deployed by the attacker (we will come back to this contract in a second),
  • attack on the contract deployed by the attacker, which has ADMIN role at this moment (explained below).

Conclusions

--

--

--

Security Consultant @ Securing, PhD, Blockchain Security, Cryptography Protocols || Twitter: @drdr_zz

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

10.19 presentation

OpenSwap: This Week’s Progress

LBank About to Enable「Deposit to Get Children’s Day Gift」Event

PANTHER (incentivized testing)

Cyber security does not concern states but rather human beings (and the 7 actions we should be…

What You Need To Find out about info And also Why

No Rate Limit leads to Account Takeover..

Oauth misconfiguration == Pre-Account Takeover

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Damian Rusinek

Damian Rusinek

Security Consultant @ Securing, PhD, Blockchain Security, Cryptography Protocols || Twitter: @drdr_zz

More from Medium

16. Preservation — Ethernaut

Smart Contract Security Registry

Capture The Ether: predict the block hash

DevOps And Other Lessons Learned From WormHole Hack