Missing unapprove logic in MultiSig
Summary
After a match is made, both users, who liked each other will receive a MultiSig which will hold their join ETH. They can spend the ETH by submitting transactions, getting both approvals and then executing the transactions.
With the current implementation, once a user approves a transaction it will remain indefinitely approved. This poses a significant risk, as the recipient's behavior or circumstances may change over time, potentially leading the approving user to reconsider their decision.
Here is an example:
User A wants to stake the joint ETH into a protocol called X
User A submits a transaction
User A approves the transaction
User A finds out protocol X has a vulnerability or malicious intent and wants to not proceed with the execution. However, he can't
User B approves the transaction
User B executes the transaction
Protocol X receives the ETH even though user A saw this coming
Impact
Medium, as users funds will be at risk.
Tools Used
Manual review
Recommendations
Either:
Implement unapprove functionality
Keep the approval only for a certain period of time
Appeal created
Users mistake, only impacting themselves.
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.