code-423n4 / 2023-10-brahma-findings


Register Wallet unprotected #471

Closed c4-submissions closed 10 months ago

c4-submissions commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-10-brahma/blob/dd0b41031b199a0aa214e50758943712f9f574a0/contracts/src/core/registries/WalletRegistry.sol#L32-L41

Vulnerability details

Impact

In the code comments, it states that: `@dev Can only be called by safe deployer or the wallet itself`. This requires a check for either the safe deployer or the wallet. However, there is no check to verify this case; therefore any address can verify themselves as a wallet.

Proof of Concept

```solidity
    /**
     * @notice Registers a wallet
     * @dev Can only be called by safe deployer or the wallet itself
     */
    //@audit check not followed: msg.sender is taken as the wallet and no caller check is performed
    function registerWallet() external {
        if (isWallet[msg.sender]) revert AlreadyRegistered();
        if (subAccountToWallet[msg.sender] != address(0)) revert IsSubAccount();
        isWallet[msg.sender] = true;
        emit RegisterWallet(msg.sender);
    }
```

Tools Used

Manual Review

Recommended Mitigation Steps

Use a check for this function, although this function has been implemented wrongly, since the safe deployer can never call this function.

Assessed type

Access Control
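One way to make the function match its `@dev` comment, as an added illustration that is not the Brahma code: the wallet becomes a parameter and the caller is checked against a `safeDeployer` address. The `safeDeployer` immutable, its constructor, and the `InvalidSender` error are assumptions for this example; the real registry's wiring to the deployer is not reproduced.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative registry (not the Brahma contract) that enforces the
/// "safe deployer or the wallet itself" rule the @dev comment promises.
contract WalletRegistryExample {
    error AlreadyRegistered();
    error IsSubAccount();
    error InvalidSender(); // assumed error, not from the original registry

    event RegisterWallet(address indexed wallet);

    // Assumed: the deployer address is fixed at construction for this example.
    address public immutable safeDeployer;
    mapping(address => bool) public isWallet;
    mapping(address => address) public subAccountToWallet;

    constructor(address _safeDeployer) {
        safeDeployer = _safeDeployer;
    }

    /// @notice Registers `_wallet`
    /// @dev Taking the wallet as a parameter is what lets the safe deployer
    ///      register on a wallet's behalf; the caller must be that deployer
    ///      or the wallet itself, otherwise the call reverts.
    function registerWallet(address _wallet) external {
        if (msg.sender != safeDeployer && msg.sender != _wallet) revert InvalidSender();
        if (isWallet[_wallet]) revert AlreadyRegistered();
        if (subAccountToWallet[_wallet] != address(0)) revert IsSubAccount();
        isWallet[_wallet] = true;
        emit RegisterWallet(_wallet);
    }
}
```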

c4-pre-sort commented 10 months ago

raymondfam marked the issue as low quality report

c4-pre-sort commented 10 months ago

raymondfam marked the issue as duplicate of #17

c4-judge commented 10 months ago

alex-ppg marked the issue as unsatisfactory: Invalid