The ManagedWallet's receive function oversight fails to reset proposedMainWallet to a null address following a rejection by the confirmation wallet, thus blocking any future wallet change proposals. Specifically, when the confirmation wallet sends less than 0.05 ether to signify rejection of a wallet change proposal, although activeTimelock is adjusted appropriately, proposedMainWallet remains unchanged. This oversight conflicts with the proposeWallets function's prerequisite that proposedMainWallet must be address(0) to accept new proposals. As a result, once a change is rejected, the system is locked in a state where no further proposals for changing the main and confirmation wallets can be submitted, effectively freezing the ability to update wallet addresses indefinitely.
The issue primarily resided in logic within the ManagedWallet contract. This has been entirely deprecated, and replaced by a simple address representing the team wallet.
Lines of code
Vulnerability details
Lines of code
Vulnerability details
C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/838
Comments
The ManagedWallet's receive function oversight fails to reset proposedMainWallet to a null address following a rejection by the confirmation wallet, thus blocking any future wallet change proposals. Specifically, when the confirmation wallet sends less than 0.05 ether to signify rejection of a wallet change proposal, although activeTimelock is adjusted appropriately, proposedMainWallet remains unchanged. This oversight conflicts with the proposeWallets function's prerequisite that proposedMainWallet must be address(0) to accept new proposals. As a result, once a change is rejected, the system is locked in a state where no further proposals for changing the main and confirmation wallets can be submitted, effectively freezing the ability to update wallet addresses indefinitely.
Mitigation
https://github.com/othernet-global/salty-io/commit/5766592880737a5e682bb694a3a79e12926d48a5
The issue primarily resided in logic within the ManagedWallet contract. This has been entirely deprecated, and replaced by a simple address representing the team wallet.
Conclusion
LGTM