Mitigating the Ronin Protocol Vulnerability in the Context of RBAC Policy

Abstract

The article discusses the structure of the Ronin protocol and its components, focusing on consensus mechanisms and validators. The purpose of the study was to identify the vulnerability of the protocol and to develop methods for its resolution. It was determined that the bridge component of the protocol has a certain vulnerability. Analyzing and investigating the structure and mechanics of Ronin smart contracts, it was found that all validators are Bridge Validators. This prompted a more detailed study of the protocol structure. Audits for 2022 and 2023 were analyzed, which indicated the presence of privileged functionality in some roles in the system. The conclusion was that the protocol has an unformalized role-based access distribution model. By comparing with the NIST standard, it was found that the role-based access control system in the Ronin protocol (Ronin RBAC) is a Flat Model. By increasing the level of the model to the level of the Restricted Model, it was possible to increase the security level of the protocol. Using the MySQL environment, a simulation model was developed that confirmed the vulnerability of the considered access control system. Based on the analysis of the standard requirements, steps were formulated to make changes to the simulation model. To solve this problem, it was proposed to change the role model of access distribution to Level 3 of the NIST RBAC standard.