Micro Carrot Woodpecker
High
Owner cannot assign necessary roles due to missing initial owner assignment in blacklist.sol and stableCoinHandler.sol
The lack of implementation of the _grantRole function in blacklist.sol and stableCoinHandler.sol prevents the assignment of critical roles (BLACKLISTER_ROLE, PAUSER_ROLE, SWAPPER_ROLE, MAINTAINER_ROLE). This will cause restricted functionality for these contracts as the owner cannot initialize or assign roles required to perform role-specific functions, and due to the absence of an initial owner assignment in blacklist.sol and stableCoinHandler.sol prevents role-based functions from being assigned. This will cause restricted functionality for the contracts, as the owner cannot use grantRole to initialize or assign roles required for operational control.
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/stablecoin/StablecoinHandler.sol#L70C1-L73C76
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/util/abstract/Blacklist.sol#L32C1-L32C78
In blacklist.sol and stableCoinHandler.sol, the critical roles (BLACKLISTER_ROLE, PAUSER_ROLE, SWAPPER_ROLE, MAINTAINER_ROLE) are defined but not initialized or assigned to any entity. Without an accessible grantRole or _grantRole function, these roles cannot be assigned, limiting the functionality of the contract.
- In blacklist.sol, BLACKLISTER_ROLE is defined but lacks an assignment mechanism, preventing the blacklist functionality from being activated.
- In stableCoinHandler.sol, roles such as PAUSER_ROLE and SWAPPER_ROLE cannot be assigned, hindering the contract’s operational flexibility and control.
1 - The owner needs to be assigned upon contract deployment or initialization to enable calls to grantRole. 2 - BLACKLISTER_ROLE in blacklist.sol requires the owner's permission to be granted to an authorized party. 2- PAUSER_ROLE, SWAPPER_ROLE, and MAINTAINER_ROLE in stableCoinHandler.sol must be assignable by the owner to perform their respective functions.
No response
- The owner attempts to assign roles but cannot due to a lack of initial assignment.
- This prevents the use of any role-based functionality in the affected contracts, making role-specific functions unusable.
The protocol loses essential operational capabilities, impacting user experience and protocol security:
- In blacklist.sol, blacklisting functionality is disabled since the BLACKLISTER_ROLE cannot be assigned.
- In stableCoinHandler.sol, critical functions like pausing, swapping, and maintenance are unusable, as PAUSER_ROLE, SWAPPER_ROLE, and MAINTAINER_ROLE are unassigned.
No response
- Assign the owner upon contract initialization, ensuring the owner has the permission to call grantRole.
- Implement a secure grantRole process so that only the owner can initialize and assign roles as required.