Skip to content

SCSVS-AUTH-1

S4.1 Role-Based Access Control (RBAC)

Control Objective

Implement role-based access control to manage permissions and ensure that only authorized users can access specific functions. This includes validating identities, applying the least privilege principle, and ensuring appropriate access controls are in place.

S4.1.A Multi-Signature Schemes

SCSVS VR ID Requirement L1 L2 L3 SCWE
S4.1.A1 Ensure that the visibility modifier for all functions is appropriate, preventing unnecessary exposure of internal functions. βœ“ βœ“

S4.1.B Identity Verification

SCSVS VR ID Requirement L1 L2 L3 SCWE
S4.1.B1 Validate that unexpected addresses do not result in unintended behaviors, particularly when these addresses refer to contracts within the same protocol. βœ“ βœ“
S4.1.B2 Verify that functions like ecrecover handle all potential null addresses properly to avoid vulnerabilities arising from unexpected ecrecover outputs. βœ“ βœ“

S4.1.C Least Privilege Principle

SCSVS VR ID Requirement L1 L2 L3 SCWE
S4.1.C1 Use msg.sender instead of tx.origin for authorization to avoid potential abuse from malicious contracts; include checks like require(tx.origin == msg.sender) to ensure the sender is an EOA. βœ“ βœ“
S4.1.C2 Certain addresses might be blocked or restricted from receiving tokens (e.g., LUSD). Ensure that address restrictions are properly managed and verified. βœ“ βœ“
S4.1.C3 Ensure that Guard’s hooks (e.g., checkTransaction(), checkAfterExecution()) are executed to enforce critical security checks. βœ“ βœ“
S4.1.C4 Ensure that access controls are implemented correctly to determine who can use certain functions, and avoid unauthorized changes or withdrawals. βœ“ βœ“