[M-02] Lack of Minimum Delay Check in relyContract Function

[c4-submissions]

Lines of code

https://github.com/Cyfrin/2023-08-sparkn/blob/47c22b818818af4ea7388118dd83fa308ad67b83/src/ProxyFactory.sol#L205-L219

Vulnerability details

Vulnerable code:

        AuthLike(target).rely(user);
        emit RelyContract(target, user);
    }

Issue summary:
In the relyContract function of the smart contract, there is a missing minimum delay check when relying on another contract. This function allows the contract to rely on another contract, granting it certain privileges or permissions.

Vulnerability details:The vulnerability arises due to insufficient validation of the proxy parameter passed to the function.

Impact:
As per the documentation, relying on another contract should go through a time delay specified in the Root.delay variable, which is initially set to 48 hours. The absence of a minimum delay check means that this crucial security measure is not being enforced, potentially leading to unauthorized or unintended contract interactions.

Recommendations:
To address this issue and ensure the enforcement of the minimum delay requirement as per the documentation, consider implementing the following remediation steps:
1. Minimum Delay Check: Add a check in the relyContract function to ensure that the Root.delay time has passed before allowing the contract to rely on another contract. You can use a require statement to enforce this delay.
2. Time Management: Ensure that the contract's time management functions are correctly implemented, and the delay is accurately calculated based on the Root.delay variable.

Assessed type

Timing

[c4-pre-sort]

raymondfam marked the issue as low quality report

[c4-pre-sort]

raymondfam marked the issue as duplicate of #298

[c4-judge]

gzeon-c4 changed the severity to QA (Quality Assurance)

[c4-judge]

gzeon-c4 marked the issue as grade-c