Missing MultiSigAddress Return
Summary
The MultiSigWallet contract is deployed by the LikeRegistry contract when two users match. However, the address of the newly deployed MultiSigWallet is not stored or returned by the LikeRegistry. This lack of a return value or storage of the wallet address prevents users or external contracts from accessing the MultiSigWallet to interact with its functions (such as submitting transactions, approving transactions, or executing them).
Impact
Without a way to retrieve the address of the deployed MultiSigWallet, the users or any other contract have no means to interact with the wallet once it is created. This makes it impossible to utilize the core functionalities of the MultiSigWallet, such as:
Submitting Transactions: Users cannot submit transactions to be approved by the multi-signature owners.
Approving Transactions: Without access to the
MultiSigWalletaddress, the required owners cannot approve transactions.Executing Transactions: the transactions cannot be executed by the owners of the multi-sig wallet.
At the end, all funds are locked.
Tools Used
manuel review
Recommendations
Stored in a mapping within the LikeRegistry contract to track the deployed MultiSigWallet for each pair of users.
This allows for easy retrieval of the wallet address when needed.
Returned via a function that gives the users or other contracts access to the deployed MultiSigWallet address after it has been created.
Appeal created
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.