MultiSig Timelock

First Flight #55
Beginner Friendly, Wallet
100 EXP
Submission Details
Impact: medium
Likelihood: medium

Owner Self-Revocation of Signing Role Causes Governance Deadlock

Author Revealed upon completion

Description

The revokeSigningRole() function lets the contract owner revoke the signing role of any signer, including the owner themselves.
The owner can therefore remove their own signing role while still retaining ownership. Because confirming and executing transactions require SIGNING_ROLE, the owner then can no longer confirm or execute transactions, including ones they previously proposed or may need to execute in the future.


Impact

The owner loses the ability to:

  • Confirm transactions

  • Execute transactions

Further consequences:

  • Transactions the owner previously proposed may become unexecutable

  • If the remaining signers number fewer than REQUIRED_CONFIRMATIONS, the contract may enter a permanent governance deadlock

  • The central governance authority is weakened unintentionally

Affected Area

permalink: https://github.com/CodeHawks-Contests/2025-12-multisig-timelock/blob/3c88fea850b25724b71778bdc7bfe96c3bd97b63/src/MultiSigTimelock.sol#L209

Proof of Concept

function testOwnerCanRevokeOwnSigningRole() public grantSigningRoles {
    // Owner revokes THEIR OWN signing role
    multiSigTimelock.revokeSigningRole(OWNER);

    // Owner should no longer have SIGNING_ROLE
    assertFalse(
        multiSigTimelock.hasRole(
            multiSigTimelock.getSigningRole(),
            OWNER
        )
    );

    // Signer count should decrease by 1 (from 5 to 4)
    assertEq(multiSigTimelock.getSignerCount(), 4);
}

Output

Ran 1 test for test/unit/MultiSigTimelockTest.t.sol:MultiSigTimeLockTest
[PASS] testOwnerCanRevokeOwnSigningRole() (gas: 314726)
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.36ms (124.50µs CPU time)
Ran 1 test suite in 5.89ms (1.36ms CPU time): 1 tests passed, 0 failed, 0 skipped (1 total tests)

Recommended Mitigation

Prevent owner self-revocation (recommended): add the following check to revokeSigningRole() before the role is removed, where _account is the address being revoked:

require(_account != owner(), "Owner cannot revoke own signing role");
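The following is an added example, not code from the audited MultiSigTimelock.sol or from the contest repository. It is a simplified model of the revoke path that shows the unchecked function beside a hardened one carrying the recommended guard, and it goes one step further than the single-line fix above by also refusing any revocation that would leave fewer signers than REQUIRED_CONFIRMATIONS, which is the deadlock condition this report describes. All names (RevokeGuardExample, isSigner, signerCount, the custom errors, the Foundry test addresses) are assumptions chosen to mirror the report; the test contract assumes forge-std is available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Illustrative model only (assumed names); not the project's MultiSigTimelock.sol.
contract RevokeGuardExample {
    address public owner;
    uint256 public immutable REQUIRED_CONFIRMATIONS;
    mapping(address => bool) public isSigner;
    uint256 public signerCount;

    error NotOwner();
    error NotASigner(address account);
    error OwnerCannotRevokeOwnSigningRole();
    error WouldBreakQuorum(uint256 remaining, uint256 required);

    event SigningRoleRevoked(address indexed account, uint256 remainingSigners);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address[] memory initialSigners, uint256 required) {
        require(required > 0 && required <= initialSigners.length, "bad quorum");
        owner = msg.sender;
        REQUIRED_CONFIRMATIONS = required;
        for (uint256 i = 0; i < initialSigners.length; i++) {
            require(initialSigners[i] != address(0) && !isSigner[initialSigners[i]], "bad signer");
            isSigner[initialSigners[i]] = true;
        }
        signerCount = initialSigners.length;
    }

    // Unchecked variant: the pattern described in the report. Any signer, the
    // owner included, can be revoked with no check on the quorum left behind.
    function revokeSigningRoleUnchecked(address account) external onlyOwner {
        if (!isSigner[account]) revert NotASigner(account);
        isSigner[account] = false;
        signerCount -= 1;
        emit SigningRoleRevoked(account, signerCount);
    }

    // Hardened variant: the report's recommended owner guard, plus a quorum
    // guard so signerCount can never drop below REQUIRED_CONFIRMATIONS.
    function revokeSigningRole(address account) external onlyOwner {
        if (!isSigner[account]) revert NotASigner(account);
        if (account == owner) revert OwnerCannotRevokeOwnSigningRole();
        uint256 remaining = signerCount - 1;
        if (remaining < REQUIRED_CONFIRMATIONS) revert WouldBreakQuorum(remaining, REQUIRED_CONFIRMATIONS);
        isSigner[account] = false;
        signerCount = remaining;
        emit SigningRoleRevoked(account, signerCount);
    }

    // Monitoring helper: true once no transaction can ever reach quorum.
    function isDeadlocked() external view returns (bool) {
        return signerCount < REQUIRED_CONFIRMATIONS;
    }
}

// Foundry test for the hardened path (constructed addresses, assumed names).
contract RevokeGuardExampleTest is Test {
    address internal constant OWNER = address(0xA11CE);
    address internal constant BOB = address(0xB0B);
    address internal constant CAROL = address(0xCA501);
    RevokeGuardExample internal ms;

    function setUp() public {
        address[] memory signers = new address[](3);
        signers[0] = OWNER; signers[1] = BOB; signers[2] = CAROL;
        vm.prank(OWNER);
        ms = new RevokeGuardExample(signers, 2); // 3 signers, quorum of 2
    }

    function testOwnerCannotRevokeOwnSigningRole() public {
        vm.prank(OWNER);
        vm.expectRevert(RevokeGuardExample.OwnerCannotRevokeOwnSigningRole.selector);
        ms.revokeSigningRole(OWNER);
        assertTrue(ms.isSigner(OWNER));
        assertEq(ms.signerCount(), 3);
    }

    function testRevokeCannotBreakQuorum() public {
        vm.startPrank(OWNER);
        ms.revokeSigningRole(BOB); // 3 -> 2, still meets REQUIRED_CONFIRMATIONS
        vm.expectRevert(abi.encodeWithSelector(RevokeGuardExample.WouldBreakQuorum.selector, 1, 2));
        ms.revokeSigningRole(CAROL); // 2 -> 1 would deadlock, so it is refused
        vm.stopPrank();
        assertFalse(ms.isDeadlocked());
    }
}
```

Run with forge test in a Foundry project that has forge-std installed. The quorum guard is the part the report implies but does not spell out: the owner guard alone still allows the owner to revoke every other signer, so both checks are needed to rule out the deadlock listed under Impact.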
