code-423n4 / 2024-01-renft-findings

Missing events for Safe Ownership and Threshold Changes #512

Closed c4-bot-1 closed 10 months ago

c4-bot-1 commented 10 months ago

Lines of code

https://github.com/re-nft/smart-contracts/blob/3ddd32455a849c3c6dc3c3aad7a33a6c9b44c291/src/policies/Factory.sol#L138

Vulnerability details

The Factory contract does not directly handle changes to the ownership or threshold of a safe after deployment. The absence of a mechanism within the Factory contract to facilitate or track these changes could be problematic for maintaining an accurate representation of the state of each safe.

Impact

If the Factory contract does not track changes to the ownership or threshold of safes, it may not have an up-to-date view of the safes' configurations. This could lead to discrepancies between the actual state of a safe and the state known to the Factory contract, potentially causing issues with policies that rely on accurate safe information.

Mitigation

To mitigate this issue, the Factory contract could implement event logging for significant changes to safes or integrate with a module that tracks these changes:

event SafeConfigurationChanged(
    address indexed safe,
    address[] newOwners,
    uint256 newThreshold
);

Assessed type

Other
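An added example, not part of the report or of the reNFT code base: because the Factory is not called when a safe's owners or threshold change, one way to produce the proposed `SafeConfigurationChanged` event is a separate contract that reads the safe's current state on request and emits only when it differs from the last recorded state. The contract name `SafeConfigurationTracker`, the `sync` function and the `lastConfigHash` mapping are hypothetical; `getOwners()` and `getThreshold()` are the view functions of Safe's OwnerManager.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal view interface onto a Safe (functions from Safe's OwnerManager).
interface ISafeConfig {
    function getOwners() external view returns (address[] memory);
    function getThreshold() external view returns (uint256);
}

// Hypothetical tracker contract, added for illustration only.
contract SafeConfigurationTracker {
    // Event as proposed in the report's mitigation section.
    event SafeConfigurationChanged(
        address indexed safe,
        address[] newOwners,
        uint256 newThreshold
    );

    // Hash of (owners, threshold) last recorded for each safe.
    mapping(address => bytes32) public lastConfigHash;

    // Permissionless by design: the caller supplies only the safe address,
    // and every logged value is read from the safe itself, so a caller
    // cannot inject false owners or thresholds into the log.
    // Assumption: a production version would first check that `safe`
    // was deployed by the Factory before accepting it.
    function sync(address safe) external returns (bool changed) {
        address[] memory owners = ISafeConfig(safe).getOwners();
        uint256 threshold = ISafeConfig(safe).getThreshold();

        // Owner order is part of the hash, so a reordering of the same
        // owner set also counts as a change.
        bytes32 current = keccak256(abi.encode(owners, threshold));

        changed = current != lastConfigHash[safe];
        if (changed) {
            lastConfigHash[safe] = current;
            emit SafeConfigurationChanged(safe, owners, threshold);
        }
    }
}
```

The event is emitted when `sync` is called, not at the moment the safe changes, so the log reflects the state at sync time and intermediate configurations between two calls are not recorded.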

c4-pre-sort commented 10 months ago

141345 marked the issue as insufficient quality report

c4-judge commented 10 months ago

0xean marked the issue as unsatisfactory: Insufficient quality