code-423n4 / 2024-06-renzo-mitigation-findings

0 stars 0 forks source link

H-01 MitigationConfirmed #40

Open c4-bot-3 opened 5 months ago

c4-bot-3 commented 5 months ago

Lines of code

Vulnerability details

Original Issue Summary

In the original issue, due to a combination of the usage of transfer and the usage of a two-step withdrawal process, people who used multisig would be able to complete the first step of the two-step withdrawal process, but they would not be able to complete the second step of the two-step withdrawal process, leading to funds lost.

Mitigation

This mitigation proposes the usage of call() instead of transfer() and checks if the call() returns a true value.

-            payable(msg.sender).transfer(_withdrawRequest.amountToRedeem);
+            (bool success, ) = payable(msg.sender).call{ value: _withdrawRequest.amountToRedeem }(
+                ""
+            );
+            if (!success) revert TransferFailed();

Comments

This mitigation succesfully mitigates the original issue - usage of call() will forward all available gas, which would prevent a lockup like in the original issue.

Suggestions

If this has not been done already, add documentation telling users to be extra careful when using multisigs. Even though this mitigation mitigates the original issue, Safe multisigs are complex and not one-size fits all. Safe multisigs can have different Guards/Modules that change the inner-workings of a Safe multisig, so it would be good to give the multisig users a heads-up.

Conclusion

LGTM

c4-judge commented 5 months ago

alcueca marked the issue as satisfactory