Upgraded Q -> 2 from #91 [1711544923384]

c4-judge commented 8 months ago

Judge has assessed an item in Issue #91 as 2 risk. The relevant finding follows:

[L-04] More safety is advised when removing owners Instances MultiOwnable.sol#102 function removeOwnerAtIndex(uint256 index) public virtual onlyOwner { bytes memory owner = ownerAtIndex(index); if (owner.length == 0) revert NoOwnerAtIndex(index);

    delete _getMultiOwnableStorage().isOwner[owner];
    delete _getMultiOwnableStorage().ownerAtIndex[index];

    emit RemoveOwner(index, owner);
}

Mitigation It is recommended to not allow the user to remove himself It is recommended to check if the system has at least only one owner to avoid the removal of all owners

c4-judge commented 8 months ago

3docSec marked the issue as duplicate of #181

c4-judge commented 8 months ago

3docSec marked the issue as satisfactory

c4-judge commented 8 months ago

This auto-generated issue was withdrawn by 3docSec

code-423n4 / 2024-03-coinbase-findings

Upgraded Q -> 2 from #91 [1711544923384] #201