DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: low
Invalid

The `MultiSig::submitTransaction()` function does not check whether the `_value` parameter is greater than the balance.

Description:

`MultiSig::submitTransaction()` does not check whether the `_value` parameter is greater than the balance, so it is possible to submit a transaction whose value is greater than the balance of the multisig wallet itself.

Proof of Concept:

The function contains no check on whether the `_value` parameter is greater than the balance of the multisig wallet:

```solidity
function submitTransaction(address _to, uint256 _value) external onlyOwners {
    if (_to == address(0)) revert InvalidRecipient();
    if (_value == 0) revert InvalidAmount();
@>  // There is no check for the _value parameter
    transactions.push(Transaction(_to, _value, false, false, false));
    uint256 txId = transactions.length - 1;
    emit TransactionCreated(txId, _to, _value);
}
```

Recommended Mitigation:

Add this check to `MultiSig::submitTransaction()`:

```solidity
function submitTransaction(address _to, uint256 _value) external onlyOwners {
    require(_value <= address(this).balance);
    ...
}
```
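
The recommended check written as a custom error, in the style of the function's existing reverts, as an added example that is not part of the submission or the DatingDapp code. `BalanceCheckedWallet`, `InsufficientBalance`, the single-owner simplification and the whole `executeTransaction` body are assumptions; the check is repeated at execution because the balance seen at submission can change before the transfer is made.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical minimal wallet, constructed for illustration (not the audited MultiSig).
/// Approvals are omitted: a single owner stands in for the multisig owners.
contract BalanceCheckedWallet {
    struct Transaction { address to; uint256 value; bool executed; }

    error NotOwner();
    error InvalidRecipient();
    error InvalidAmount();
    error InsufficientBalance(uint256 requested, uint256 available); // assumed name
    error AlreadyExecuted();
    error TransferFailed();

    event TransactionCreated(uint256 indexed txId, address indexed to, uint256 value);

    address public immutable owner;
    Transaction[] public transactions;

    constructor() payable { owner = msg.sender; }
    receive() external payable {}

    modifier onlyOwner() { if (msg.sender != owner) revert NotOwner(); _; }

    function submitTransaction(address _to, uint256 _value) external onlyOwner {
        if (_to == address(0)) revert InvalidRecipient();
        if (_value == 0) revert InvalidAmount();
        // Submission-time check proposed in the finding: fail early on an unfunded request.
        uint256 available = address(this).balance;
        if (_value > available) revert InsufficientBalance(_value, available);
        transactions.push(Transaction(_to, _value, false));
        emit TransactionCreated(transactions.length - 1, _to, _value);
    }

    function executeTransaction(uint256 _txId) external onlyOwner {
        Transaction storage txn = transactions[_txId];
        if (txn.executed) revert AlreadyExecuted();
        // The submission-time result is only a snapshot, so check again before paying out.
        uint256 available = address(this).balance;
        if (txn.value > available) revert InsufficientBalance(txn.value, available);
        txn.executed = true; // state change before the external call
        (bool ok, ) = txn.to.call{value: txn.value}("");
        if (!ok) revert TransferFailed();
    }
}
```
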
Updates

Appeal created

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Users' mistake, only impacting themselves.

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
