DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

Lack of Transaction Destination Validation in MultiSig Wallet

Summary
During the review of the MultiSig Wallet implementation, it was observed that the submitTransaction function lacks validation to prevent malicious "likers" from withdrawing funds to their own addresses. Specifically, there is no check to ensure that funds are only withdrawn where the date takes place, which could allow a malicious liker to withdraw all funds to their own account, as there is no validation for "_to == owner1 && _to == owner2".

Vulnerability Details

Here you can see that submitTransaction has no validation for whether owner 1 and owner 2 are withdrawing the funds of both users to their own accounts. As per the protocol, the user must use the funds where they spend for the date, but any malicious liker can steal the money to their own contract, as there is no check to see whether the malicious user is withdrawing the money to their own account.

function submitTransaction(address _to, uint256 _value) external onlyOwners {
    if (_to == address(0)) revert InvalidRecipient();
    if (_value == 0) revert InvalidAmount();
    transactions.push(Transaction(_to, _value, false, false, false));
    uint256 txId = transactions.length - 1;
    emit TransactionCreated(txId, _to, _value);
}

Impact

  1. Loss of other users' funds.

  2. The protocol is designed to ensure that funds are used strictly for their intended purpose (e.g., expenses related to a date). However, due to the lack of destination validation, a malicious actor could exploit the system by redirecting funds to their own wallet.

Tools Used

Manual Review

Recommendations

Add a check that the to address must not be equal to owner 1 and owner 2.
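
The recommended check written out in a stand-alone contract, as an added example that is not the DatingDapp source or the submitter's code. The struct field names, the constructor, the event's indexed parameters, the NotAnOwner error and the RecipientIsOwner error are assumptions made so the snippet compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration only. Everything outside submitTransaction's first two
// checks is assumed scaffolding, not taken from the audited contract.
contract MultiSigRecipientCheck {
    error NotAnOwner();
    error InvalidRecipient();
    error InvalidAmount();
    error RecipientIsOwner(); // hypothetical error for the recommended check

    struct Transaction {
        address to;
        uint256 value;
        bool approvedByOwner1; // assumed meaning of the three bool fields
        bool approvedByOwner2;
        bool executed;
    }

    event TransactionCreated(uint256 indexed txId, address indexed to, uint256 value);

    address public immutable owner1;
    address public immutable owner2;
    Transaction[] public transactions;

    modifier onlyOwners() {
        if (msg.sender != owner1 && msg.sender != owner2) revert NotAnOwner();
        _;
    }

    constructor(address _owner1, address _owner2) {
        owner1 = _owner1;
        owner2 = _owner2;
    }

    function submitTransaction(address _to, uint256 _value) external onlyOwners {
        if (_to == address(0)) revert InvalidRecipient();
        if (_value == 0) revert InvalidAmount();
        // Recommended check: reject either owner as the payout address.
        if (_to == owner1 || _to == owner2) revert RecipientIsOwner();
        transactions.push(Transaction(_to, _value, false, false, false));
        uint256 txId = transactions.length - 1;
        emit TransactionCreated(txId, _to, _value);
    }
}
```

The check compares `_to` only against the two owner addresses; any other non-zero address still passes.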

Updates

Appeal created

n0kto Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Users mistake, only impacting themselves.

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
