DatingDapp
First Flight #33
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Trapped funds in the MultiSig contract

dexcripter

Funds can be locked forever.

In the MultiSig contract where both parties are required to approve a transaction before it can be successful, one user funds can be trapped forever is something happens to the other party.

Lets imagine a scenario where user-1 loses access to their wallet, and already has someone (player-2) who they both share mutual likes. This player-2 would forever be unable to withdraw back their funds from the contract since the contract strictly needs both players to approve a transaction before it is processed onchain for payout.

Impact

This is a severe bug that affects the core functionality of the protocol by trapping user's funds.

Tools Used

Manual review

Recommendations

Include a timelock so a transaction can be automatically approved after X number of time passed.

struct Transaction {
address to;
uint256 value;
uint256 timeLock; // introduce a timelock
bool approvedByOwner1;
bool approvedByOwner2;
bool executed;
}
uint256 public constant timelock = 1 weeks;
function submitTransaction(address _to, uint256 _value) external onlyOwners {
if (_to == address(0)) revert InvalidRecipient();
if (_value == 0) revert InvalidAmount();
transactions.push(Transaction(_to, _value, timelock, false, false, false)); //updated
uint256 txId = transactions.length - 1;
emit TransactionCreated(txId, _to, _value);
}
function cancelTransaction(uint256 _txId) external onlyOwners {
require(_txId < transactions.length, "Invalid transaction ID");
Transaction storage txn = transactions[_txId];
require(!txn.executed, "Transaction already executed");
delete transactions[_txId];
}
Updates

Appeal created

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.