The MultiSigWallet::submitTransaction
function does not validate whether the requested transaction value is within the contract's balance.
The function checks if _value
is zero but does not verify if the contract has sufficient funds to execute the transaction. This could lead to transactions being submitted that cannot be executed.
Consider this scenario
User submits a transaction of value greater than the contract balance
The proposal passes and it got approved by both users
The proposal becomes inexecutable since it is now greater than contract balance.
Consider adding this test fuction to the SoulboundProfileNFTTest.t.sol
test file. Make sure to import MultiSigWallet
. -- import { MultiSigWallet } from "../src/MultiSig.sol";
Wasted gas on transactions that cannot be executed.
Potential confusion for users.
Manual code review.
Add a check to ensure the requested value does not exceed the contract's balance:
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.