search

coinbase / smart-wallet

MIT License
284 stars 54 forks source link

Bug[high]: Users may be blocked from adding owners. #11

Closed pegahcarter closed 5 months ago

pegahcarter commented 5 months ago

Summary

A user may unintentionally get blocked from adding new owners.

Description

When adding an owner, the nextOwnerIndex is incremented. However, when removing an owner, nextOwnerIndex remains the same. Once 255 owners have been added, a user is unable to add owners because of the uint8 overflow within _addOwner(). This limitation will still exist even after owners have been removed, as nextOwnerIndex will still be 255.

pegahcarter commented 5 months ago

Nevermind. Looks like this was resolved with #9 .

wilsoncusack commented 5 months ago

Thanks @pegahcarter, this is documented behavior https://github.com/coinbase/smart-wallet/blob/main/src/MultiOwnable.sol#L6

https://github.com/coinbase/smart-wallet/blob/main/src/MultiOwnable.sol#L43-L51