Open hats-bug-reporter[bot] opened 1 week ago
Such a safe can prevent execTransactionOnBehalf() calls plus ownership management with addOwnerWithThreshold() and removeOwner() calls from higher permissions safe or roles.
Can also do any arbitrary execution (or revert) in _executeModuleTransaction() calls, which can make it impossible to remove or disconnect such a safe because in disconnectSafe() -> _exitSafe() it can revert the setGuard(address(0)) and disableModule() calls.
Github username: @0xfuje
Twitter username: 0xfuje
Submission hash (on-chain): 0xe58592223e20a1148ea47089a11616fe4ccd1063acef32e9956bf64700de509a
Severity: medium
Description:
Description
User can create a non-safe custom contract that returns 1 on getThreshold() calls to use PalmeraModule functionality. Non-safe contracts can register an organization, create a root safe, and be added as a safe in addSafe(), basically bypass the isSafe() restrictions.
src/Helpers.sol - isSafe()
Recommendation
Consider implementing stricter checks, for example: ERC165 supportsInterface() checks instead of only checking safe is a contract and threshold in isSafe().
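The check described in this report next to the recommended ERC165 tightening, as an added example that is not part of the original report and is not Palmera's code. isSafeWeak is reconstructed from the description only, and SafeCheck, NotASafe, SafeCheckHarness and SAFE_INTERFACE_ID are hypothetical names (the interface id is a placeholder value).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IThreshold {
    function getThreshold() external view returns (uint256);
}

// Added example; not the project's Helpers.sol.
library SafeCheck {
    bytes4 internal constant ERC165_ID = 0x01ffc9a7;   // supportsInterface(bytes4)
    bytes4 internal constant INVALID_ID = 0xffffffff;  // must be reported unsupported
    // Hypothetical placeholder for an interface id the module would require.
    bytes4 internal constant SAFE_INTERFACE_ID = 0x12345678;

    // Assumed from the report's description: has code and a non-zero threshold.
    function isSafeWeak(address safe) internal view returns (bool) {
        if (safe.code.length == 0) return false;
        (bool ok, bytes memory ret) =
            safe.staticcall(abi.encodeWithSelector(IThreshold.getThreshold.selector));
        return ok && ret.length >= 32 && abi.decode(ret, (uint256)) > 0;
    }

    // ERC165 probe with the 30,000 gas cap from the ERC165 specification.
    function _supports(address target, bytes4 id) private view returns (bool) {
        (bool ok, bytes memory ret) =
            target.staticcall{gas: 30_000}(abi.encodeWithSelector(ERC165_ID, id));
        return ok && ret.length >= 32 && abi.decode(ret, (uint256)) == 1;
    }

    // Stricter form: the weak check plus the standard ERC165 detection sequence.
    function isSafeStrict(address safe) internal view returns (bool) {
        return isSafeWeak(safe)
            && _supports(safe, ERC165_ID)
            && !_supports(safe, INVALID_ID)
            && _supports(safe, SAFE_INTERFACE_ID);
    }
}

// Constructed fixture: the non-safe contract the report describes.
contract NotASafe {
    function getThreshold() external pure returns (uint256) { return 1; }
}

// Harness exposing both checks so they can be called from a test.
contract SafeCheckHarness {
    function weak(address a) external view returns (bool) { return SafeCheck.isSafeWeak(a); }
    function strict(address a) external view returns (bool) { return SafeCheck.isSafeStrict(a); }
}
```

ERC165 answers are self-declared by the queried contract, so this check rejects contracts like NotASafe that only answer getThreshold() but does not by itself prove the address is a Safe.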