Open hats-bug-reporter[bot] opened 1 week ago
Invalid, since for creation of an organization, both caller and newRootSafe would always be the same.

```
safeId = _createOrgOrRoot(orgName, caller, caller);
```

When the caller and root safe are different, that condition is applicable in the `createRootSafe()` function only.
agree @0xRizwan is invalid!!
Github username: --
Twitter username: --
Submission hash (on-chain): 0x14f54acb58827004d6b18e40f5c80fcae35ec70e48db2b5a26738096fb82db52
Severity: medium
Description:

When creating an org in `PalmeraModule`, the user has to provide `orgName`. `_createOrgOrRoot` hashes the name only if `caller == newRootSafe`. But if the caller is different, it tries to fetch it from `getOrgHashBySafe(caller)`. This means that it is possible to create two organizations with the same name. Once, the hash is obtained from `bytes32(keccak256(abi.encodePacked(name)))` and the other time from `getOrgHashBySafe(caller)`. This will result in overriding `depthTreeLimit` for this name and adding the same name again inside `orgHash`.
Attack Scenario

Describe how the vulnerability can be exploited.

Attachments

Proof of Concept (PoC) File
Revised Code File (Optional)