The Gnosis wallet does not check for contract existence and may mislead the user about the transaction's result

[c4-submissions]

Lines of code

https://github.com/safe-global/safe-contracts/blob/main/contracts/base/Executor.sol#L21-L43

Vulnerability details

Impact

A low-level call on a nonexisting contract always returns a true value. If the existing address no more exist then the user will always get the wrong result after doing a call on non existing contract.

Proof of Concept

A failure to check for a contract’s existence may mislead a user into thinking that a failed transaction was successful. execute() function uses low-level and assembly calls to execute external transactions.

Exploit Scenario: Ailce uses the Gnosis wallet to submit a call to an address believed to be a contract. Unbeknownst to Alice, the contract had previously been destructed. Due to a lack of contract existence checks in the Gnosis wallet, Alice's call returns a success even though itdid not successfully execute.

Tools Used

manual code review vscode

Recommended Mitigation Steps

Short term, ensure all calls check the existence of a contract at the destination address. Long term, ensure this limitation is well documented and accounted for in any systems depending on the Gnosis wallet.

Assessed type

Invalid Validation

[c4-pre-sort]

raymondfam marked the issue as low quality report

[c4-pre-sort]

raymondfam marked the issue as primary issue

[raymondfam]

D-10 from the bot.

[alex-ppg]

This particular contract is out-of-scope. The Gnosis Safe signers (and any modules that act on behalf of them) are meant to properly vet the calls they perform.

[c4-judge]

alex-ppg marked the issue as unsatisfactory: Out of scope