MultiSig Timelock
First Flight #55
Beginner FriendlyWallet
100 EXP
View all submissions
Previous Next
Submission Details
Impact: high
Likelihood: high

Signer Other Than Owner Unable to Propose Transaction

Author Revealed upon completion

Signer Other Than Owner Unable to Propose Transaction

Description

Based on README protocol, all Signer should be able to propose transaction. However inside the protocol, only owner hold power to propose transaction.

function proposeTransaction(address to, uint256 value, bytes calldata data)
external
nonReentrant
noneZeroAddress(to)
onlyOwner // <@ onlyOwner has access to propose transaction
returns (uint256)
{
return _proposeTransaction(to, value, data);
}

Impact

High – As the protocol are designed that all signer (not only owner) should able to proposed, confirm, revoke and execute transaction. But the real implementation is only owner able to propose transaction.

Proof of Concepts

Add this function into the existing unit test

Run the function with forge test --match-test testProposedTransactionForNonOwner -vvvv

function testProposeTransactionForNonOwner() public grantSigningRoles {
vm.prank(SIGNER_TWO);
vm.expectRevert();
multiSigTimelock.proposeTransaction(SPENDER_ONE, OWNER_BALANCE_ONE, hex"");
}

Recommended mitigation

Change the logic function to grant the access for all signer

function proposeTransaction(address to, uint256 value, bytes calldata data)
external
nonReentrant
noneZeroAddress(to)
- onlyOwner
+ onlyRole(SIGNING_ROLE)
returns (uint256)
{
return _proposeTransaction(to, value, data);
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!