DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

Lack of `revokeApproval` in a Two-Owner Multi-Sig Wallet Might Lead to Unfavorable Transactions

Issue

In this `MultiSigWallet` with only two owners, each transaction typically requires approval from both parties before execution. However, if the contract does not include a `revokeApproval` function, an owner who has previously approved a transaction has no way to withdraw their approval before execution. This can lead to several issues.

Impact

If one owner changes their mind about a transaction after approving it, they have no way to revoke their decision. Also, the second owner can execute the transaction at any time, even if the circumstances of the date have changed.

In this contract, once an owner approves a transaction, they have no way to revoke it.

Recommendation

To address this issue, a `revokeApproval` function should be implemented, allowing owners to withdraw their approval before execution.

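```solidity
// Assumes the contract also declares an event such as:
//   event Revoked(uint256 indexed txId, address indexed owner);
function revokeApproval(uint256 _txId) external onlyOwners {
    require(_txId < transactions.length, "Invalid transaction ID");
    Transaction storage txn = transactions[_txId];
    // An executed transaction can no longer be revoked
    require(!txn.executed, "Transaction already executed");
    // Clear only the caller's own approval flag
    if (msg.sender == owner1) {
        txn.approvedByOwner1 = false;
    } else {
        txn.approvedByOwner2 = false;
    }
    emit Revoked(_txId, msg.sender);
}
```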
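
A minimal two-owner wallet showing where a revocation takes effect relative to execution. This is an added example, not the DatingDapp contract or the submitter's code; `TwoOwnerWalletSketch`, `submitTransaction`, `approveTransaction`, `executeTransaction`, `_pending`, the `to` and `value` fields and the `Revoked` event signature are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Constructed sketch, not the DatingDapp source; names not quoted in the finding are hypothetical.
contract TwoOwnerWalletSketch {
    struct Transaction { address to; uint256 value; bool approvedByOwner1; bool approvedByOwner2; bool executed; }
    address public immutable owner1;
    address public immutable owner2;
    Transaction[] public transactions;
    event Revoked(uint256 indexed txId, address indexed owner);
    modifier onlyOwners() {
        require(msg.sender == owner1 || msg.sender == owner2, "Not an owner");
        _;
    }

    constructor(address _owner1, address _owner2) payable {
        owner1 = _owner1;
        owner2 = _owner2;
    }

    function submitTransaction(address _to, uint256 _value) external onlyOwners {
        transactions.push(Transaction(_to, _value, false, false, false));
    }

    function approveTransaction(uint256 _txId) external onlyOwners {
        Transaction storage txn = _pending(_txId);
        if (msg.sender == owner1) txn.approvedByOwner1 = true; else txn.approvedByOwner2 = true;
    }

    function revokeApproval(uint256 _txId) external onlyOwners {
        Transaction storage txn = _pending(_txId);
        bool isOwner1 = msg.sender == owner1;
        require(isOwner1 ? txn.approvedByOwner1 : txn.approvedByOwner2, "Nothing to revoke");
        if (isOwner1) txn.approvedByOwner1 = false; else txn.approvedByOwner2 = false;
        emit Revoked(_txId, msg.sender);
    }

    function executeTransaction(uint256 _txId) external onlyOwners {
        Transaction storage txn = _pending(_txId);
        // Flags are read here, at execution time: a revocation mined before this call blocks it.
        require(txn.approvedByOwner1 && txn.approvedByOwner2, "Not enough approvals");
        txn.executed = true; // state change before the external call
        (bool ok, ) = payable(txn.to).call{value: txn.value}("");
        require(ok, "Transfer failed");
    }

    function _pending(uint256 _txId) private view returns (Transaction storage txn) {
        require(_txId < transactions.length, "Invalid transaction ID");
        txn = transactions[_txId];
        require(!txn.executed, "Transaction already executed");
    }
}
```

A revocation only has effect if it is mined before the other owner's `executeTransaction`; once both flags are set, either owner can execute immediately.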
Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Users mistake, only impacting themselves.

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
