The root cause is in the one of the owner managing methods that can remove all wallet owners leaving wallet funds locked inside and also locking any other interaction with the wallet.
The method in question is : removeOwnerAtIndex that can remove all assigned wallet owners.
Mitigation
The issue is successfully remediated by applying the PR
The patch adds this check that prevents the removeOwnerAtIndex to remove all owners.
The variable nextOwnerIndex and removedOwnersCount used in the previous check are correctly accounted for.
Suggestions
Consider adding this newly added method named removeLastOwner to the list of cross chain callablemethods for managing wallet owners.
Notes
The same PR also:
adds a method that will explicitly "renounce" all wallet ownership where there is only one owner left.
restricts adding of new owner address (trough addOwnerAddress) to be only called externally.
Lines of code
Vulnerability details
Comments
The protocol wallet owners have cross chain methods to manage owners.
Vulnerability details
The root cause is in the one of the owner managing methods that can remove all wallet owners leaving wallet funds locked inside and also locking any other interaction with the wallet.
The method in question is :
removeOwnerAtIndex
that can remove all assigned wallet owners.Mitigation
The issue is successfully remediated by applying the PR
The patch adds this check that prevents the
removeOwnerAtIndex
to remove all owners.The variable
nextOwnerIndex
andremovedOwnersCount
used in the previous check are correctly accounted for.Suggestions
Consider adding this newly added method named removeLastOwner to the list of cross chain callable methods for managing wallet owners.
Notes
The same PR also:
Conclusions
Successful Mitigation