MultiSig Timelock

First Flight #55
Beginner Friendly
Wallet
100 EXP
Submission Details
Impact: medium
Likelihood: high

Signing Role Can Not Propose Transaction

Author Revealed upon completion

Description

  • The project's documentation states: "Propose new transactions (permission is tied to the role, so any signer can propose)". However, the proposeTransaction function is restricted by the onlyOwner modifier, so accounts that hold SIGNING_ROLE but are not the owner cannot propose transactions. This breaks the invariant stated in the documentation.

function proposeTransaction(address to, uint256 value, bytes calldata data)
    external
    nonReentrant
    noneZeroAddress(to)
@>  onlyOwner
    returns (uint256)
{
    return _proposeTransaction(to, value, data);
}

Risk

Likelihood:

  • The current implementation ensures that only the contract owner can propose new transactions, regardless of other signing roles.

Impact:

  • Signing roles lose a fundamental power described in the project's specifications, limiting the decentralization and intended functionality of the multi-signature wallet.

Proof of Concept

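function testSigningRoleCanNotPropose() public grantSigningRoles {
    // Call as SIGNER_TWO, a signer that is not the owner
    vm.prank(SIGNER_TWO);
    // The call is expected to revert because of the onlyOwner modifier
    vm.expectRevert();
    multiSigTimelock.proposeTransaction(SPENDER_ONE, OWNER_BALANCE_ONE, hex"");
}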

Recommended Mitigation

Change the access control modifier on the proposeTransaction function from onlyOwner to onlyRole(SIGNING_ROLE).

function proposeTransaction(address to, uint256 value, bytes calldata data)
external
nonReentrant
noneZeroAddress(to)
- onlyOwner
+ onlyRole(SIGNING_ROLE)
returns (uint256)
{
return _proposeTransaction(to, value, data);
}
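
Review bot: replacing onlyOwner with onlyRole(SIGNING_ROLE) on the modifier line means the owner can propose only if the owner account also holds SIGNING_ROLE, and nothing in this hunk shows that it does. Confirm that the owner is granted the role, or state that an owner without the role is intentionally no longer able to propose. The proof-of-concept test should also be inverted alongside this change: assert that the SIGNER_TWO call succeeds, and add a case where an account without the role reverts, checked against the specific access-control error rather than a bare vm.expectRevert().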
