DatingDapp
First Flight #33
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing balance validation in `MultiSig::executeTransaction` allows execution of underfunded transactions

anchabadze

Description:

The executeTransaction function in MultiSig contract attempts to send ETH without verifying if the contract has sufficient balance to complete the transaction:

function executeTransaction(uint256 _txId) external onlyOwners {
require(_txId < transactions.length, "Invalid transaction ID");
Transaction storage txn = transactions[_txId];
require(!txn.executed, "Transaction already executed");
require(txn.approvedByOwner1 && txn.approvedByOwner2, "Not enough approvals");
txn.executed = true;
// @audit-issue No balance check before transfer
(bool success, ) = payable(txn.to).call{value: txn.value}("");
require(success, "Transaction failed");
emit TransactionExecuted(_txId, txn.to, txn.value);
}

The function only checks for approvals and execution status but fails to validate if address(this).balance >= txn.value before attempting the transfer.

Impact:

  • Transaction might revert after marking it as executed

  • Could lead to stuck transactions that are marked as executed but failed to transfer funds

  • Inconsistent contract state where transaction is marked executed but funds weren't transferred

Recommended Mitigation:

Add balance validation before execution

Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Users mistake, only impacting themselves.

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.