Closed c4-bot-8 closed 8 months ago
alex-ppg marked the issue as insufficient quality report
kupermind (sponsor) disputed
dmvt marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/registries/contracts/multisigs/GnosisSafeMultisig.sol#L106C7-L106C101?plain=1#L1
Vulnerability details
Impact
Unprotected call to a function sending Ether to an arbitrary address.
Dangerous calls:
GnosisSafe.handlePayment(uint256,uint256,uint256,address,address)
Tools Used
Manual Auditing line by line
Recommended Mitigation Steps
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Assessed type
call/delegatecall