Open c4-submissions opened 1 year ago
raymondfam marked the issue as sufficient quality report
Decent report with well-elaborated findings. L-01 may be a design decision (i.e. a critical update is needed due to a vulnerability and thus SubAccount implementations are forced to update).
alex-ppg marked the issue as grade-a
Thanks for the report. I agree with all Non Critical findings.
L-01: SafeModerator and ConsoleFallbackHandler can only be updated by governance and may be done in extreme scenarios. Only registries are kept immutable because they hold state.
L-02: While I totally understand your point that an attacker deployed the same bytecode at the deterministic CREATE2 address, for some reason Safe changed their Safe deployer implementation and removed the initializer as a part of address determination, leading us to question if there is a possible exploit. We chose to keep it safe and make sure we use an address that we deploy.
0xad1onchain (sponsor) acknowledged
alex-ppg marked the issue as selected for report
See the markdown file with the details of this report here.