5afe / safe-react

Deprecated! New repo – https://github.com/safe-global/web-core
MIT License

Feature Request: UI Frontend should Verify Bytecode #2025

Open SilentCicero opened 3 years ago

SilentCicero commented 3 years ago

Title/Description

Attack Vector: someone could easily create a contract simulating the interface of the Gnosis Safe, the UI would continue to work, everyone would assume it's the Gnosis Safe, but in fact it's a hacked contract.

The attacker walks with all funds inside.

One potential mediating solution:

Ensure the UI verifies the bytecode of the proxy and what it's pointing to. This way, if any one party opens that wallet in the UI, the UI will flag that the contracts are malformed or invalid.

This is a similar approach to how the Ledger software verifies hardware wallets. It adds an extra layer of comfort knowing the contracts are being verified when the UI is loaded.

tschubotz commented 3 years ago

> Attack Vector: someone could easily create a contract simulating the interface of the Gnosis Safe, the UI would continue to work, everyone would assume it's the Gnosis Safe, but in fact it's a hacked contract.

Do I understand correctly that the scenario you have in mind would be someone creating a malicious Safe with a compatible interface, and then other owners would just add this malicious Safe in the interface and hence not notice that there's something fishy about it?

Currently, all owners need to verify the creation tx in the UI (check that the official proxy factory was used, etc.). I agree that the interface could check the integrity more regularly.
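
One way a frontend could run the check discussed in this thread each time a Safe is loaded, as an added example that is not part of the issue or of the safe-react code base. It assumes the proxy stores its master copy address in storage slot 0; the `chain` reader (synchronous here so the example runs offline, standing in for `eth_getCode` / `eth_getStorageAt`), the allowlist layout, and every address and bytecode string are constructed placeholders.

```javascript
// Added example: every address and bytecode string here is a constructed placeholder.
const norm = (hex) => hex.toLowerCase().replace(/^0x/, '');
const MC = '0x' + '11'.repeat(20); // stand-in for an audited master copy address

// Allowlist shipped with the UI: exact runtime bytecode of the audited proxy,
// and audited master copy addresses mapped to their runtime bytecode.
const TRUSTED = {
  proxyCode: new Set([norm('0x6080aa01')]),
  masterCopies: new Map([[MC, norm('0x6080bb02')]]),
};

// Assumption: the proxy keeps the master copy address in storage slot 0.
function masterCopyFromSlot0(word) {
  const w = norm(word).padStart(64, '0');
  if (w.length !== 64 || !/^0{24}/.test(w)) return null; // not a clean address word
  return '0x' + w.slice(24);
}

// `chain` is a hypothetical reader exposing getCode(addr) and getStorageAt(addr, slot).
// Both the proxy code and the code behind its pointer must match the allowlist.
function verifySafe(chain, safeAddress, trusted = TRUSTED) {
  const problems = [];
  const proxyCode = norm(chain.getCode(safeAddress));
  if (proxyCode === '') problems.push('no contract code at address');
  else if (!trusted.proxyCode.has(proxyCode)) problems.push('unknown proxy bytecode');

  const masterCopy = masterCopyFromSlot0(chain.getStorageAt(safeAddress, 0));
  const expected = masterCopy && trusted.masterCopies.get(masterCopy);
  if (!expected) problems.push('master copy not in allowlist');
  else if (norm(chain.getCode(masterCopy)) !== expected)
    problems.push('master copy bytecode mismatch');

  return { ok: problems.length === 0, masterCopy, problems };
}

// Constructed chain state: one genuine Safe and one look-alike with its own code.
function fakeChain(code, storage) {
  return {
    getCode: (a) => code[a.toLowerCase()] || '0x',
    getStorageAt: (a, slot) =>
      (storage[a.toLowerCase()] || {})[slot] || '0x' + '0'.repeat(64),
  };
}
const GOOD = '0x' + 'aa'.repeat(20), FAKE = '0x' + 'bb'.repeat(20);
const SLOT0 = '0x' + '0'.repeat(24) + '11'.repeat(20);
const chain = fakeChain(
  { [GOOD]: '0x6080AA01', [FAKE]: '0x6080cc03', [MC]: '0x6080bb02' },
  { [GOOD]: { 0: SLOT0 }, [FAKE]: { 0: SLOT0 } },
);
```

The look-alike at `FAKE` points at the audited master copy yet still fails, because its own bytecode is not the audited proxy; checking the pointer alone would have passed it.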