Owner single point of failure freezes upgrades and signer rotation
Scope
src/MultiSigTimelock.sol: proposeTransaction, grantSigningRole, revokeSigningRole
Root + Impact
Description
Normal behavior: Any signer should be able to initiate recovery actions if the owner key is lost.
Issue: Only the owner can propose transactions or adjust the signer set. If the owner key is lost or compromised, signers cannot propose a safe migration, add a new owner, or rotate keys; funds and governance get stuck.
Risk
Likelihood:
Reason 1 // Owner key compromise/loss is a primary multisig risk
Reason 2 // Operational turnover happens regularly
Impact:
Impact 1 // Complete loss of ability to upgrade, rotate signers, or rescue funds
Impact 2 // Attacker with owner key can permanently lock the system by refusing to act
Proof of Concept
Explanation: Owner loses the key. Remaining signers have no permissions to propose migrations or add a new owner; all assets remain trapped behind an unchangeable signer set.
Recommended Mitigation
Explanation: Allow proposals and signer management through the multisig itself (e.g., onlyRole(SIGNING_ROLE) or onlySelf), and add a break-glass recovery path requiring quorum.
Status: Valid (Single Point of Failure)
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.