Closed c4-submissions closed 10 months ago
raymondfam marked the issue as low quality report
raymondfam marked the issue as duplicate of #71
alex-ppg marked the issue as not a duplicate
The threshold as well as owners specified for a Gnosis Safe directly influence its deployed address based on the implementation of the Gnosis Safe deployer.
As such, the described behaviour by the Warden is incorrect given that an altered threshold will lead to an entirely new address deployment.
alex-ppg marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-10-brahma/blob/c217699448ffd7ec0253472bf0d156e52d45ca71/contracts/src/core/SafeDeployer.sol#L253-L256
https://github.com/code-423n4/2023-10-brahma/blob/c217699448ffd7ec0253472bf0d156e52d45ca71/contracts/src/core/SafeDeployer.sol#L225
https://github.com/code-423n4/2023-10-brahma/blob/c217699448ffd7ec0253472bf0d156e52d45ca71/contracts/src/core/SafeDeployer.sol#L225
https://github.com/code-423n4/2023-10-brahma/blob/c217699448ffd7ec0253472bf0d156e52d45ca71/contracts/src/core/SafeDeployer.sol#L253-L255
Vulnerability details
Impact
The nonce generation uses the owner addresses and a salt, but not the threshold. So the same owners with different thresholds will collide. Should also include threshold.
Proof of Concept
The nonce generation that does not include the threshold parameter is in the `_genNonce` function.
Specifically, the `_ownersHash` is generated from the owner addresses.
But the `threshold` is not included in the `_ownersHash` or `_genNonce`.
This means the same owner addresses will generate the same `_ownersHash`, even if they have different thresholds.
So, this could lead to collisions in the nonces when deploying safes for the same owners but different thresholds.
The nonce relies on two main values:
- `_ownersHash` - a hash of the owner addresses
- `_salt` - a random salt provided by the caller
The problem is `_ownersHash` only includes the owner addresses, generated by:
It does NOT include the `threshold` value.
This means the SAME `_ownersHash` will be produced for the same owners, regardless of the threshold.
For example:
Owners A, B, and C with threshold 1 will produce the same `_ownersHash` as A, B, and C with threshold 2.
Then `_genNonce` uses this along with the salt to generate the nonce:
Since the `_ownersHash` is the same for different thresholds, the nonce will be the same.
This causes a collision in the nonces when deploying safes for the same owners but different thresholds.
The impact of this is:
Possible failed deployments due to nonce collisions, causing griefing.
Security risks from an attacker pre-computing addresses by guessing owner sets and salts.
Inability to reliably generate unique, deterministic safe addresses for an owner set.
By also including the threshold in `_ownersHash` and `_genNonce`, it ensures each owner set + threshold combination gets a unique nonce. This prevents collisions and unpredictability issues.
The key issue is that `_ownersHash` only encodes the owner addresses:
It does NOT include the threshold value.
This means the SAME `_ownersHash` will be generated for the same owners, regardless of different thresholds.
Tools Used
Manual
Recommended Mitigation Steps
The fix would be to also include the `threshold` value in the inputs to `_genNonce` and `_ownersHash`, for example:
This ensures unique nonces are generated per owner set and threshold, avoiding collisions.
Assessed type
Invalid Validation
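The judge's comment states that the owners and threshold of a Gnosis Safe feed into its deployed address. The sketch below is an added example, not code from the Brahma repository or the Safe project, showing why: it assumes the salt derivation used by Safe's proxy factory `createProxyWithNonce`, zeroes the optional `setup` fields for brevity, and treats `factory` and `proxyInitCodeHash` as caller-supplied placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration, not Brahma or Safe project code.
/// Assumes the Safe proxy factory derives its CREATE2 salt as
///   keccak256(abi.encodePacked(keccak256(initializer), saltNonce))
/// where `initializer` is the ABI-encoded setup(...) call.
contract SafeAddressPreview {
    // Selector of Safe's setup(); only owners and threshold vary in this sketch.
    bytes4 private constant SETUP_SELECTOR = bytes4(
        keccak256("setup(address[],uint256,address,bytes,address,address,uint256,address)")
    );

    /// Initializer with every optional field zeroed (assumption made for brevity).
    function initializer(address[] memory owners, uint256 threshold) public pure returns (bytes memory) {
        return abi.encodeWithSelector(
            SETUP_SELECTOR, owners, threshold, address(0), bytes(""), address(0), address(0), uint256(0), address(0)
        );
    }

    /// CREATE2 address for this configuration. `proxyInitCodeHash` stands for
    /// keccak256(proxy creation code ++ singleton address); placeholder input.
    function predict(
        address factory,
        bytes32 proxyInitCodeHash,
        address[] memory owners,
        uint256 threshold,
        uint256 saltNonce
    ) public pure returns (address) {
        // The threshold sits inside the initializer, so it reaches the salt here.
        bytes32 salt = keccak256(abi.encodePacked(keccak256(initializer(owners, threshold)), saltNonce));
        bytes32 digest = keccak256(abi.encodePacked(bytes1(0xff), factory, salt, proxyInitCodeHash));
        return address(uint160(uint256(digest)));
    }

    /// Same owners and same saltNonce with thresholds 1 and 2: true when the addresses differ.
    function thresholdChangesAddress(address factory, bytes32 proxyInitCodeHash, uint256 saltNonce)
        external pure returns (bool)
    {
        address[] memory owners = new address[](3);
        owners[0] = address(0xA); owners[1] = address(0xB); owners[2] = address(0xC); // constructed owners
        return predict(factory, proxyInitCodeHash, owners, 1, saltNonce)
            != predict(factory, proxyInitCodeHash, owners, 2, saltNonce);
    }
}
```

Under these assumptions an identical nonce for two thresholds still yields two distinct salts, because the threshold is hashed into the initializer before the nonce is mixed in.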