Description:
The moduleLimitNotExceeded function currently checks only the number of existing modules but does not account for modules that are pending addition. This oversight can allow the owner to initiate multiple initiateAddModuleWithTimelock calls, potentially bypassing the module limit.
Scenario:
If there are already 127 modules and the owner calls initiateAddModuleWithTimelock, the current implementation will allow it. This process can be repeated, leading to a situation where the total number of modules, including pending ones, exceeds the allowed limit.
Mitigation:
Update the moduleLimitNotExceeded check to include modules that are pending addition. Ensure that the check accounts for both existing modules and those that are in the process of being added, to prevent exceeding the maximum allowed number of modules.
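A simplified Solidity model of the mitigation above, added here as an example and not the audited project's code: the limit check counts pending additions as well as active modules. `MAX_MODULES` (128, inferred from the 127-module scenario), `TIMELOCK`, `finalizeAddModule`, and all storage and error names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model for illustration only; every constant and storage name
/// below is an assumption, not taken from the audited contract.
contract ModuleRegistryModel {
    uint256 public constant MAX_MODULES = 128; // assumed limit
    uint256 public constant TIMELOCK = 2 days; // assumed delay

    address public immutable owner;
    address[] public modules;                   // active modules
    mapping(address => uint256) public readyAt; // pending module => earliest finalize time
    uint256 public pendingCount;                // additions initiated but not yet finalized

    error NotOwner();
    error ModuleLimitExceeded();
    error AlreadyPending();
    error NotReady();

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Counts active AND pending modules. Comparing modules.length alone is the
    // gap the report describes: pending additions would not consume a slot.
    function moduleLimitNotExceeded() public view returns (bool) {
        return modules.length + pendingCount < MAX_MODULES;
    }

    function initiateAddModuleWithTimelock(address module) external onlyOwner {
        if (!moduleLimitNotExceeded()) revert ModuleLimitExceeded();
        if (readyAt[module] != 0) revert AlreadyPending();
        readyAt[module] = block.timestamp + TIMELOCK;
        pendingCount++; // reserve the slot at initiation time
    }

    // Hypothetical finalize step: converts one reserved slot into an active module,
    // so active + pending never exceeds MAX_MODULES.
    function finalizeAddModule(address module) external onlyOwner {
        uint256 t = readyAt[module];
        if (t == 0 || block.timestamp < t) revert NotReady();
        delete readyAt[module];
        pendingCount--;
        modules.push(module);
    }
}
```

Any path that cancels a pending addition must also decrement `pendingCount`, otherwise reserved slots leak and the registry fills up early.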
Github username: @0xmahdirostami
Twitter username: 0xmahdirostami
Submission hash (on-chain): 0xb8eedb908d24277cd9db9f758a64b4cf133a06f765db2918c89f65f3636b318d
Severity: low