MultiSig Timelock
First Flight #55
Beginner FriendlyWallet
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Owner can remove himself as a signer, able to DOS the Whole system and stop all transaction

mrn0b0dye

Root + Impact

Description

  • The limitation for Owner is he cannot remove himself from signing role.

  • Owner can remove himself as a signer and able to DOS the Whole system.


Risk

Impact:

  • Contract limitation broks.

  • Potential DOS, Stop all transactions.

  • Users funds stuck forever in the Contract.

Proof of Concept

  • Let say we have three signers total, including Owner himself.

  • Contracts need three confirmations to execute any tx.

  • Owner propose transactions and removes himself from signer role.

  • owner call renounceRole function from AccessControl to remove himself as a signer

  • Now there are only two signers.

  • Potential DOS, Users fnds stuck forever in the Contract.

function testOwnerCanRemovehimself__poc() public {
multiSigTimelock.grantSigningRole(SIGNER_TWO);
multiSigTimelock.grantSigningRole(SIGNER_THREE);
// owner can call `renounceRole` from AccessControl to remove himself as signer
multiSigTimelock.renounceRole(SIGNING_ROLE, OWNER);
vm.prank(OWNER);
uint256 txnId = multiSigTimelock.proposeTransaction(SPENDER_ONE, OWNER_BALANCE_ONE, hex"");
console2.log("This is the first transaction ID", txnId);
assertEq(txnId, 0);
vm.prank(SIGNER_TWO);
multiSigTimelock.confirmTransaction(txnId);
vm.prank(SIGNER_THREE);
multiSigTimelock.confirmTransaction(txnId);
vm.expectRevert();
vm.prank(OWNER);
multiSigTimelock.confirmTransaction(txnId);
vm.expectRevert();
vm.prank(SIGNER_TWO);
multiSigTimelock.executeTransaction(txnId);
}

Recommended Mitigation

Updates

Lead Judging Commences

kelechikizito Lead Judge 4 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Owner revokes her signing role

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!