Open hats-bug-reporter[bot] opened 1 week ago
Centralized issue, should be invalid.
@0xRizwan
In my opinion, this issue should be considered a low severity issue. According to the docs of Hats Finance, it is mentioned that
Minor deviations from best practices that don't lead to security risks consider as a low severity.
And according to the description of the issue, it is not the best practice to not check the threshold. Hence it should be considered as a valid low.
Non-Issue, I agree with @0xRizwan, because Safe checks that when Palmera Module sends the tx with _executeModuleTransaction, in the args data called the same way addOwnerWithThreshold. If we add this require, it would be a redundant verification which is absolutely inefficient at the gas level and bytesize code.
Verification into Safe-Contracts: https://github.com/safe-global/safe-smart-account/blob/186a21a74b327f17fc41217a927dea7064f74604/contracts/base/OwnerManager.sol#L121
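Added example, not part of the thread and not code from Safe or Palmera: a simplified Python model of the downstream validation the comment above refers to, assuming the Safe-side rule is that a threshold must be at least 1 and no larger than the owner count. The class, method names and revert messages are hypothetical; the sample owners are constructed.

```python
# Simplified model (constructed for illustration) of a Safe-style owner manager.
class Revert(Exception):
    """Stands in for an EVM revert."""


class OwnerManagerModel:
    def __init__(self, owners, threshold):
        self.owners = list(owners)
        self.threshold = 0
        self._change_threshold(threshold)

    def _change_threshold(self, new_threshold):
        # Assumed downstream checks: 1 <= threshold <= number of owners.
        if new_threshold > len(self.owners):
            raise Revert("threshold exceeds owner count")
        if new_threshold < 1:
            raise Revert("threshold must be at least 1")
        self.threshold = new_threshold

    def add_owner_with_threshold(self, owner, new_threshold):
        if not owner or owner in self.owners:
            raise Revert("invalid or duplicate owner")
        snapshot = (list(self.owners), self.threshold)
        try:
            self.owners.append(owner)
            # The threshold is only re-validated when it changes; the stored
            # value already passed the checks, so zero can never match it.
            if new_threshold != self.threshold:
                self._change_threshold(new_threshold)
        except Revert:
            # A revert undoes every state change made in the call.
            self.owners, self.threshold = snapshot
            raise


def try_add(safe, owner, new_threshold):
    """Return 'ok' or the revert reason, as a calling module would observe it."""
    try:
        safe.add_owner_with_threshold(owner, new_threshold)
        return "ok"
    except Revert as exc:
        return str(exc)
```

In this model a zero threshold passed by a module is rejected by the callee and the owner list is left unchanged, which is the behaviour a reviewer would confirm at the linked Safe line before accepting or rejecting the extra require.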
Github username: --
Twitter username: --
Submission hash (on-chain): 0xbbbac1110d919caf87aeacc6b6aa61691806e6fc4b5ab177743914f26cd046aa
Severity: low
Description:
The addOwnerWithThreshold function in the PalmeraModule contract allows the caller to add a new owner to a Safe and set a threshold for the Safe's multisig wallet. However, the function does not currently validate that the threshold parameter is greater than zero. This oversight can lead to the threshold being set to zero, which may cause unexpected behavior or security vulnerabilities.
Impact
If the threshold is set to zero, it can lead to the following issues:
Attack Scenario
NA
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
Recommendation
validation check in the addOwnerWithThreshold function to ensure that the threshold parameter is greater than zero. This can be achieved by adding a simple require statement at the beginning of the function.