dendrite/zion/contracts
Giuseppe Rodriguez cade6d1de3 Audit Fixes 3 - [M-1] More than one Role can contain the Permissions.Owner permission (#1429)
Impact: High

Likelihood: Low

According to the discussion with the team, it is expected that in Space
contracts, only one Role can have the Permissions.Owner permission.
Currently, multiple Roles can be created containing this permission.
This is caused by Space.sol’s createRole() function allowing the
OpenZeppelin owner to create new owner-permissioned roles without limit.

Remediations to consider:

Do not allow multiple roles to be created with the ownership permission.
This could be done with something like: if Space.sol’s ownerRoleId is
set, do not allow new roles to be created with the Permissions.Owner
permission.

Fixes HNT-703 as well
2023-02-07 19:23:07 -08:00
goerli_space Deploy latest space goerli types and contracts (#1230) 2023-01-13 17:02:33 -08:00
goerli_space_factory generate user entitlement types for localhost and goerli (#1272) 2023-01-24 13:08:46 -08:00
localhost_space Audit Fixes 3 - [M-1] More than one Role can contain the Permissions.Owner permission (#1429) 2023-02-07 19:23:07 -08:00
localhost_space_factory Audit Fixes 1 - Removes OZ Ownable from Space contract and makes checks for space token ownership to see if caller is space owner (#1424) 2023-02-07 15:57:39 -08:00
zion_localhost Update contract addresses (#1354) 2023-01-27 16:08:13 -08:00