Closed c4-submissions closed 12 months ago
raymondfam marked the issue as low quality report
raymondfam marked the issue as primary issue
The severity of this exhibit is greatly over-inflated, however, the discrepancy identified by the Warden is correct; a Gnosis Safe may be upgraded to a version that utilizes its guard differently, causing the wallet to be blocked.
The introduction of an empty fallback
method is present since v1.3.0
that the Brahma system should be compatible with and it is valid to advise the Sponsor to introduce it in the SafeModerator
implementations.
alex-ppg marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/code-423n4/2023-10-brahma/blob/main/contracts/src/core/SafeModeratorOverridable.sol#L16 https://github.com/code-423n4/2023-10-brahma/blob/main/contracts/src/core/SafeModerator.sol#L16
Vulnerability details
Impact
All assets controlled by safe could be inaccessible due to Denial of Service caused by combination of safe upgrade and the flaw of
SafeModeratorOverridable
andSafeModerator
Proof of Concept
SafeModeratorOverridable
is the guard of console accountSafeModerator
is the guard of sub accountOnce the guard of safe account is set, each transaction will be checked by the guard:
if somehow the guard is unable to work properly, the safe transaction execution could be blocked and there is no way to access all assets locked in the safe.
As we all know that Gnosis Safe uses a Proxy/Implementation pattern, which means the implementation of safe smart contracts can be upgraded. But the process of transaction execution could be changed and there is no guarantee that the new version is compatible with previous guards.
For example, if the name of check function changes, any safe using
SafeModeratorOverridable
orSafeModerator
as guard will be locked because the new function identifier used inSafe.sol
doesn't match any of the available functions provided bySafeModeratorOverridable
orSafeModerator
.Tools Used
Manual review
Recommended Mitigation Steps
It is recommended to add
fallback()
function inSafeModeratorOverridable
andSafeModerator
, which has been adopted by Zodiac and Yearn. All examples provide by Gnosis Safe did this as well:Assessed type
DoS