code-423n4 / 2024-03-saltyio-mitigation-findings


M-31 MitigationConfirmed #113

Open c4-bot-6 opened 4 months ago

c4-bot-6 commented 4 months ago

Lines of code

Vulnerability details

C4 Issue

https://github.com/code-423n4/2024-01-salty-findings/issues/49

Comments

The ManagedWallet.sol contract allows wallet address changes through a proposed mechanism, confirmation, and a 30-day timelock. However, a flaw enables bypassing this timelock by having the confirmation wallet send 0.05 ether to trigger the timelock prematurely, without an active proposal. Once 30 days elapse, the main wallet can propose and immediately execute new wallet address changes through changeWallets(), circumventing the intended 30-day review period.

Mitigation

https://github.com/othernet-global/salty-io/commit/5766592880737a5e682bb694a3a79e12926d48a5

The managed wallet contract has been deprecated fully, so the issue has been mitigated.

Conclusion

LGTM
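The timelock flaw described in the comment above, replayed on a small Python model (an added example, not part of the original issue and not the ManagedWallet.sol source). The class, its method names and the `bind_to_proposal` switch are assumptions made for illustration; the switch shows one way to tie the timelock to an active proposal, whereas the actual mitigation was to deprecate the contract.

```python
DAY = 86_400
TIMELOCK = 30 * DAY              # 30-day timelock, as described in the finding
CONFIRM_WEI = 5 * 10**16         # 0.05 ether, as described in the finding
NEVER = float("inf")

class ManagedWalletModel:
    """Simplified state machine (assumption); caller checks on change_wallets omitted."""

    def __init__(self, bind_to_proposal):
        self.main, self.confirmation = "main", "confirmation"
        self.proposed = None
        self.unlock_at = NEVER
        self.bind_to_proposal = bind_to_proposal   # hypothetical hardening switch

    def propose(self, sender, new_main, new_confirmation):
        if sender != self.main:
            raise PermissionError("only the main wallet proposes")
        if self.proposed is not None:
            raise RuntimeError("proposal already pending")
        self.proposed = (new_main, new_confirmation)

    def confirm(self, sender, value_wei, now):
        if sender != self.confirmation or value_wei < CONFIRM_WEI:
            raise PermissionError("not a valid confirmation")
        if self.bind_to_proposal and self.proposed is None:
            raise RuntimeError("no active proposal to confirm")
        # Without the check above, the clock starts with nothing proposed.
        self.unlock_at = now + TIMELOCK

    def change_wallets(self, now):
        if self.proposed is None:
            raise RuntimeError("no proposal")
        if now < self.unlock_at:
            raise RuntimeError("timelock still running")
        self.main, self.confirmation = self.proposed
        self.proposed, self.unlock_at = None, NEVER

def replay_finding(bind_to_proposal):
    """Confirm at t=0 with no proposal, then propose and change at day 30."""
    w = ManagedWalletModel(bind_to_proposal)
    try:
        w.confirm("confirmation", CONFIRM_WEI, now=0)
        w.propose("main", "new_main", "new_confirmation")
        w.change_wallets(now=TIMELOCK)
    except RuntimeError as err:
        return w.main, str(err)
    return w.main, "changed with zero review time"
```

With `bind_to_proposal=False` the replay ends with the wallets swapped in the same instant they were proposed; with `True` the early confirmation is rejected and the normal propose, confirm, wait sequence still works.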

c4-judge commented 4 months ago

Picodes marked the issue as satisfactory