-
# Handle
WatchPug
# Vulnerability details
In `QuickAccManager.sol#cancel()`, the `hashTx` to identify the transaction to be canceled is wrong. The last parameter is missing.
As a result, users wi…
-
# Handle
loop
# Vulnerability details
The `withdraw` function in `IdentityFactory.sol` is declared as public but can be external since it is not used internally.
## Impact
Saves some gas in case …
-
# Handle
cmichel
# Vulnerability details
The `SignatureValidator.recoverAddrImpl` function does not revert on invalid signatures and returns zero instead.
Thus if anyone added the zero address to …
-
# Handle
pmerkleplant
# Vulnerability details
## Impact
If a caller has privileges for a QuickAccount consisting of two `address(0)`'s,
then the caller can execute arbitrary transactions through t…
-
# Handle
WatchPug
# Vulnerability details
For the storage variables that will be accessed multiple times, caching them in the stack can save ~100 gas from each extra read (`SLOAD` after Berlin).
Fo…
-
# Handle
cmichel
# Vulnerability details
A single `QuickAccount` can serve as the "privilege" for multiple identities, see the comment in `QuickAccManager.sol`:
> NOTE: a single accHash can contr…
-
# Handle
WatchPug
# Vulnerability details
Reading array length at each iteration of the loop takes 6 gas (3 for mload and 3 to place memory_offset) in the stack.
Caching the array length in the s…
-
## Abstract
A big problem we are having in Rotki is the kind of monolithic way in which balances, especially Ethereum and protocol ones, are queried. One big call, querying everything for every add…
-
# Handle
gpersoon
# Vulnerability details
## Impact
Suppose one of the supplied addrs[i] to the constructor of Identity.sol happens to be 0 (by accident).
In that case: privileges[0] = 1
Now su…
-
# Handle
cmichel
# Vulnerability details
Several different signature modes can be used and `Identity.execute` forwards the `signature` parameter to the `SignatureValidator` library.
The returned `…