The Governor contract contains special functions to let the guardian queue a transaction to change the Timelock.admin.
However, a regular Proposal is also allowed to contain a transaction to change the Timelock.admin.
This poses an unnecessary risk in that an attacker could create a Proposal to change the Timelock.admin.
Short term, add a check that prevents setPendingAdmin to be included in a Proposal
- ToB Audit Origin Dollar Finding 9
- Access Control
- High Severity
- Timelock.admin Change
- Proposal Transaction
- Prevent
setPendingAdmin
- Youtube Reference
- High Risk severity finding from ToB’s Audit of Origin Dollar