Closed c4-submissions closed 12 months ago
raymondfam marked the issue as low quality report
raymondfam marked the issue as duplicate of #249
alex-ppg marked the issue as not a duplicate
alex-ppg marked the issue as duplicate of #410
alex-ppg marked the issue as unsatisfactory: Invalid
alex-ppg marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-10-brahma/blob/main/contracts/src/core/registries/WalletRegistry.sol#L43-L55
Vulnerability details
Impact
A subaccount that has been taken over by an attacker can not be removed.
Proof of Concept
The WalletRegistry.sol contract has a
registerSubAccount()
function but does not have another function that can remove a subAccount in case a subAccount is compromised.Tools Used
Manual Review
Recommended Mitigation Steps
Implement a removeSubAccount() function to remove a subAccount that has been compromised.
Assessed type
Other