MultiSig Timelock
First Flight #55
Beginner FriendlyWallet
100 EXP
View results
Previous Next
Submission Details
Impact: high
Likelihood: high
Invalid

Immediate execution for `value == 0` calls enables powerful state changes

365smile

Scope
src/MultiSigTimelock.sol: _getTimelockDelay

Root + Impact

Description

  • Normal behavior: NO_TIME_DELAY for value < 1 ETH.

  • Issue: Calls with value == 0 include contract governance operations (e.g., setOwner, upgradeTo) that should be delayed; currently they execute instantly.

// @> NO_TIME_DELAY applied even to governance-impacting calls with value == 0

Risk

Likelihood:

  • Reason 1 // Most governance calls are 0 ETH

  • Reason 2 // Multisigs perform upgrades and role changes frequently

Impact:

  • Impact 1 // Sudden system changes without delay window

  • Impact 2 // Elevated risk from signer compromise

Proof of Concept

Explanation: Propose a call to upgradeTo on a proxy with 0 ETH. It executes immediately.

// propose upgradeTo(newImpl) on proxy with value==0, confirm, execute immediately

Recommended Mitigation

Explanation: Enforce a minimum delay for any transaction with non-empty data.

+ // Minimum delay for non-empty 'data' even if value==0 (e.g., 24h)

Status: Valid (Mitigated in src/MultiSigTimelock.sol via H1 fix)

Updates

Lead Judging Commences

kelechikizito Lead Judge 4 days ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!