The `MultiSigWallet` contract violates the Checks-Effects-Interactions (CEI) pattern and performs balance validation at execution time. The function makes an external call before updating the execution status, which is against best practices.
```solidity
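function testInsufficientBalanceExecution() public {
    // owner1 submits a 1000 ether transfer; submission succeeds
    vm.prank(owner1);
    wallet.submitTransaction(attacker, 1000 ether);

    // Two owners approve transaction 0
    vm.prank(owner1);
    wallet.approveTransaction(0);
    vm.prank(owner2);
    wallet.approveTransaction(0);

    // The revert only surfaces at execution time
    vm.prank(owner1);
    vm.expectRevert();
    wallet.executeTransaction(0);
}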
```
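The ordering issue described in the finding, as an added example that is not the audited contract's source: a constructed `CeiOrderingExample` contract places the interaction-first ordering beside the Checks-Effects-Interactions ordering. All names here (`CeiOrderingExample`, `executeInteractionFirst`, `executeCei`, the error names) are assumptions, and owner and approval checks are omitted to isolate the ordering.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed for illustration; not the audited MultiSigWallet source.
/// Owner and approval checks are omitted to isolate the ordering.
contract CeiOrderingExample {
    struct Transaction {
        address to;
        uint256 value;
        bool executed;
    }

    Transaction[] public transactions;

    error AlreadyExecuted();
    error InsufficientBalance(uint256 available, uint256 required);
    error TransferFailed();

    receive() external payable {}

    function submit(address to, uint256 value) external returns (uint256 txId) {
        transactions.push(Transaction(to, value, false));
        txId = transactions.length - 1;
    }

    // Ordering the finding describes: the external call runs while
    // `executed` is still false, so the recipient regains control
    // before the state reflects the payout.
    function executeInteractionFirst(uint256 txId) external {
        Transaction storage txn = transactions[txId];
        if (txn.executed) revert AlreadyExecuted();
        (bool ok, ) = txn.to.call{value: txn.value}("");
        if (!ok) revert TransferFailed();
        txn.executed = true; // effect applied after the interaction
    }

    function executeCei(uint256 txId) external {
        Transaction storage txn = transactions[txId];
        // Checks: execution status and balance
        if (txn.executed) revert AlreadyExecuted();
        if (txn.value > address(this).balance)
            revert InsufficientBalance(address(this).balance, txn.value);
        // Effects: mark executed before handing control to the recipient
        txn.executed = true;
        // Interactions: a failed call reverts the flag along with everything else
        (bool ok, ) = txn.to.call{value: txn.value}("");
        if (!ok) revert TransferFailed();
    }
}
```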
Low
foundry
```diff
function submitTransaction(address _to, uint256 _value) external onlyOwners {
+ if (_value > address(this).balance) revert("Insufficient balance");
if (_to == address(0)) revert InvalidRecipient();
if (_value == 0) revert InvalidAmount();
transactions.push(Transaction(_to, _value, false, false, false));
uint256 txId = transactions.length - 1;
emit TransactionCreated(txId, _to, _value);
}
```
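Review bot: The added `address(this).balance` check in `submitTransaction` only reflects the balance at submission time; the balance can change before the transaction is executed, so it cannot replace validation at execution time, and it also rejects proposals submitted before the wallet is funded. The new line reverts with a string while the two checks directly below it use custom errors (`InvalidRecipient`, `InvalidAmount`); a custom error would keep the function consistent. The hunk does not touch the execution function, so the call-before-state-update ordering raised in the description is left unaddressed.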
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.