code-423n4 / 2024-03-saltyio-mitigation-findings


M-31 MitigationConfirmed #92

Open c4-bot-7 opened 4 months ago

c4-bot-7 commented 4 months ago

Lines of code

Vulnerability details

Comments

In the original implementation, ManagedWallet#activeTimelock is used to determine when a wallet proposal can be confirmed or changed. However, it can be easily manipulated or bypassed.

Mitigation

commit 5766592

Since the only purpose of ManagedWallet#mainWallet is receiving the SALT reward on behalf of the development team, the mitigation removed the ManagedWallet implementation and used an immutable teamWallet address directly. There is no need to change it anymore. The mitigation resolved the original issue.

Conclusion

Confirmed

c4-judge commented 4 months ago

Picodes marked the issue as satisfactory