Unrestricted MultiSig Transaction Submission Allows Invalid Proposals
Summary
The MultiSigWallet allows owners to submit transactions for any amount/recipient without checking contract balance, leading to stuck approvals and failed executions.
Vulnerability Details
submitTransaction does not verify if the contract holds sufficient ETH for the proposed value. Owners can approve transactions that exceed the contract's balance, causing executions to fail indefinitely and cluttering the transaction list.
POC
MultiSig holds 1 ETH.
Owner1 submits a transaction for 2 ETH to address X.
Both owners approve it.
Execution fails repeatedly due to insufficient balance, wasting gas.
Impact
Poor user experience and potential for spam transactions. While funds aren't directly lost, contract usability is degraded.
Tools Used
Manual analysis, Slither.
Recommendations
Add a balance check in
submitTransaction:require(_value <= address(this).balance).Implement a cancellation mechanism for invalid transactions.
Appeal created
Users mistake, only impacting themselves.
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.