MultiSig Timelock
First Flight #55
Beginner FriendlyWallet
100 EXP
View all submissions
Previous Next
Submission Details
Impact: low
Likelihood: medium

Signer role cannot propose transactions despite README stating otherwise

Author Revealed upon completion

Root + Impact

Description

  • The README states that any address holding the SIGNING_ROLE can propose a new transaction.

  • However, in the implementation, proposeTransaction is restricted with the onlyOwner modifier, preventing non-owner signers from proposing transactions.// The proposeTransaction function uses onlyOwner instead of a role-based modifier such as onlyRole(SIGNING_ROLE).

    function proposeTransaction(...)
    external
    nonReentrant
    noneZeroAddress(to)
    onlyOwner
    returns (uint256)

Risk

Likelihood:

  • Reason 1 // Non-owner signers are unable to propose transactions, contrary to the documented design.

  • Reason 2

Impact:

  • No funds are at risk

  • This only affects workflow and decentralization expectations, as non-owner signers cannot propose transactions as documented.


    Proof of Concept

// Grant SIGNING_ROLE to a non-owner address
// Attempt to call proposeTransaction from that signer
// Transaction reverts due to onlyOwner restriction

Recommended Mitigation

// If the intended design is to allow all signers to propose transactions, replace onlyOwner with onlyRole(SIGNING_ROLE) in proposeTransaction.
// Otherwise, update the README to accurately reflect that only the owner can propose transactions.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!