0xSorryNotSorry
commented
1 year ago The submission does not provide any demonstration of the issue, reasoning and code blocks.
Closed code423n4 closed 1 year ago
0xSorryNotSorry
commented
1 year ago The submission does not provide any demonstration of the issue, reasoning and code blocks.
c4-pre-sort
commented
1 year ago 0xSorryNotSorry marked the issue as low quality report
c4-judge
commented
1 year ago berndartmueller marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-07-axelar/blob/2f9b234bb8222d5fbe934beafede56bfb4522641/contracts/cgp/governance/Multisig.sol#L20
Vulnerability details
Impact
Newer transaction will not get approved because previous on es have not been approved or rejected
Proof of Concept
Let's say two out of 3 addresses sign a transaction which requires 3 signers then after some time the 3 now sign another transaction it wont get approved by validators unless the previous ones get validated or rejected, because of nonce in the evm.
Tools Used
Manual review
Recommended Mitigation Steps
There should be a time frame that sets a pending transaction to reject automatically if it has not been validated.
Assessed type
DoS