Summary

The contract allows the addition of signers via the setSigner function but lacks a corresponding mechanism to remove or disable signers once added. This absence of a removal capability for signers may pose challenges if there's a need to update or revoke signer privileges, potentially impacting the contract's management and security.

Vulnerability Details

The vulnerability is centered around the absence of a function to remove or disable signers once they are added via the setSigner function. This means that once an address is granted signer privileges, there's no explicit way to revoke these privileges.

Impact

This vulnerability could lead to a lack of flexibility and control in managing signers. If there is a need to update or remove signer privileges due to changes in security protocols or other administrative reasons, the absence of a removal mechanism might restrict the contract's adaptability and security management.

Tools Used

Manual inspection

Recommendations

Implement a Removal Mechanism: Develop a function that allows the owner to remove or disable signer privileges for specific addresses. This will ensure better control and management of signer privileges within the contract.