MultiSig Timelock

First Flight #55

Beginner FriendlyWallet

100 EXP

View results

Previous Next

Submission Details

Impact: medium

Likelihood: medium

Invalid

Transaction Identity Collision Due to Missing Nonce Domain Separation

pushprakash23

Root + Impact

Description

Each multisig transaction must be uniquely identifiable, even when calldata and targets are reused, so that signer confirmations apply only to the intended action.
Transaction identity is derived without a nonce or domain separator, allowing multiple transactions with identical (target, value, data) to share the same hash.

// @> Missing nonce in transaction identity

bytes32 txHash = keccak256(abi.encode(target, value, data));

// This causes confirmation ambiguity across transactions.

Risk

Likelihood:

Governance frequently reuses calldata (e.g., repeated transfer() calls).

Treasury operations often repeat the same actions over time.

Impact:

Confirmations may unintentionally apply to later transactions.

Signer intent is violated, weakening multisig trust guarantees.

Proof of Concept

Without a nonce, the contract cannot distinguish between logically separate actions that look identical at the calldata level.

// Tx A

submitTransaction(target, 0, data);

// Tx B (same calldata)

submitTransaction(target, 0, data);

// Both share identical hash → confirmations overlap

Recommended Mitigation

Guarantees transaction uniqueness.

Prevents replay or confirmation reuse.

Matches industry-standard multisig designs (Gnosis Safe–style domain separation).

- remove this code

+ add this code

- bytes32 txHash = keccak256(abi.encode(target, value, data));

+ bytes32 txHash = keccak256(

+ abi.encode(txId, target, value, data)

+ );

Updates

Lead Judging Commences

kelechikizito Lead Judge 28 days ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Appeal created

pushprakash23 Submitter

27 days ago

kelechikizito Lead Judge

26 days ago

kelechikizito Lead Judge

26 days ago

kelechikizito Lead Judge 25 days ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Rewards breakdown

nSLOC

205

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!