H-04 MitigationConfirmed

[c4-bot-7]

Lines of code

Vulnerability details

C4 Issue

H-04: Incorrect gnosis_safe_disable_module_offset constant leads to removing the rental safe's module without verification

Comments

An incorrect offset constant allowed to disable any module.

Mitigation

PR-1: Fix the wrong offset for calling disableModule()

• Changed offset from 0x24 to 0x44
  • The offset corresponds with the actual module that will be disabled. This is fixed correctly.
• The Guard now successfully loads the module to be disabled and checks if the module can actually be disabled
• Tests were added to verify that the guard for disableModule() now works as expected

Conclusions

Successful Mitigation

[c4-judge]

gzeon-c4 marked the issue as satisfactory

[c4-judge]

gzeon-c4 marked the issue as confirmed for report