Missing access controls in the Timelock.executeTransaction function allow Proposal transactions to be executed separately, circumventing the Governor.execute function.
Short term, only allow the admin to call Timelock.executeTransaction
- ToB Audit Origin Dollar Finding 8
- Access Control
- High Severity
- Timelock
executeTransaction()- Only Admin
executeTransaction()
- Youtube Reference
- High Risk severity finding from ToB’s Audit of Origin Dollar