Root + Impact

Description

• Each signer’s confirmation must be strictly bound to a single transaction, preventing reuse across proposals.

• The multisig logic lacks a transaction-scoped confirmation mapping, allowing confirmations or signatures to be reused or replayed for different transactions. This breaks signer intent guarantees and enables unauthorized execution.

Risk

Likelihood:

• Multiple transactions exist concurrently.

Signers reuse interfaces or off-chain signing flows.

Impact:

• Transactions execute without proper quorum.

Unauthorized state changes or fund transfers occur.

Proof of Concept

• Without transaction-scoped confirmation tracking, signer approvals lose isolation, violating multisig safety assumptions.

Recommended Mitigation