hats-finance / Most--Aleph-Zero-Bridge-0xab7c1d45ae21e7133574746b2985c58e0ae2e61d

Aleph Zero bridge to Ethereum
Apache License 2.0

Signature threshold is unbounded #7

Open hats-bug-reporter[bot] opened 5 months ago

hats-bug-reporter[bot] commented 5 months ago

Github username: @0xfuje

Twitter username: 0xfuje

Submission hash (on-chain): 0x0cc5d64fcb1309e8ea2a654336ebcb870e364cc55ea00ec7eed9ab765aec8c5b

Severity: low

Description:

The signature threshold does not have a bound (except a zero address check). The lowest possible value is one, which can be considered unsafe, because a single committee member can execute receiveRequest() relays. The threshold can also be set to a value up to the maximum number of guardians, which might be suboptimal if there are a lot of them.

Most.sol - setCommittee()

    function setCommittee(
        address[] calldata _committee,
        uint256 _signatureThreshold
    ) external onlyOwner whenPaused {
        ++committeeId;
        _setCommittee(_committee, _signatureThreshold);
        emit CommitteeUpdated(committeeId);
    }

Recommendation

Consider adding a minimum (1+) and a reasonable maximum bound for signatureThreshold.
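One way to enforce the bounds recommended above, shown as an added example that is not part of the report and is not the project's code. The contract name, MIN_THRESHOLD, MAX_THRESHOLD, the custom errors and the isInCommittee mapping are assumptions made for illustration; the whenPaused gate of the original function is left out.

```solidity
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.20;

// Added illustration, not the Most.sol implementation. The bounds, errors and
// storage layout are assumptions; the real contract also gates on whenPaused.
contract BoundedCommittee {
    uint256 public constant MIN_THRESHOLD = 2;  // assumed: one member alone cannot relay
    uint256 public constant MAX_THRESHOLD = 10; // assumed: cap on signatures per request

    error NotOwner();
    error DuplicateMember(address member);
    error ThresholdOutOfBounds(uint256 given, uint256 lower, uint256 upper);

    event CommitteeUpdated(uint256 newCommitteeId);

    address public immutable owner;
    uint256 public committeeId;
    uint256 public signatureThreshold;
    mapping(uint256 => mapping(address => bool)) public isInCommittee;

    constructor() {
        owner = msg.sender;
    }

    function setCommittee(
        address[] calldata _committee,
        uint256 _signatureThreshold
    ) external {
        if (msg.sender != owner) revert NotOwner();
        // Upper bound is the smaller of the committee size and the fixed cap,
        // so the threshold can always be met and never exceeds the cap.
        uint256 upper = _committee.length < MAX_THRESHOLD ? _committee.length : MAX_THRESHOLD;
        if (_signatureThreshold < MIN_THRESHOLD || _signatureThreshold > upper) {
            revert ThresholdOutOfBounds(_signatureThreshold, MIN_THRESHOLD, upper);
        }
        ++committeeId;
        for (uint256 i = 0; i < _committee.length; ++i) {
            // A duplicate would make the real committee smaller than the length checked above.
            if (isInCommittee[committeeId][_committee[i]]) revert DuplicateMember(_committee[i]);
            isInCommittee[committeeId][_committee[i]] = true;
        }
        signatureThreshold = _signatureThreshold;
        emit CommitteeUpdated(committeeId);
    }
}
```

With these assumed bounds, a call with a threshold of 1, or with a threshold larger than the committee, reverts before any state changes.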

0xfuje commented 5 months ago

*meant to submit it as minor severity

krzysztofziobro commented 5 months ago

Setting a wrong threshold value is considered to be an owner error: out of scope.