Open hats-bug-reporter[bot] opened 1 week ago
non-Issue, like mention this problem is with the version 1.5 and our module is compatible only with version 1.3.0 and 1.4.1
Additional the version 1.5.0 is not release yet!!!! (the audit is not ready and the front/back end is not adapted for this new version) inclusive safe-global indicate that version will have several break changes!! in the protocol
Github username: -- Twitter username: SBSecurity_ Submission hash (on-chain): 0xca5ddd79ffe75ab6a127621d03a5c25a9a51828c81fec240bbf0f2308ba75283 Severity: high
Description: Description\ In safe 1.5 execTransactionFromModule() calls first pre the execute and then post checks.
PalmeraGuard
hascheckAfterExecution
, but do not havecheckModuleTransaction
which is called here.Attack Scenario\ Describe how the vulnerability can be exploited.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional) Add checkModuleTransaction(), like in the example Guards from SAFE
https://github.com/safe-global/safe-smart-account/blob/499b17ad0191b575fcadc5cb5b8e3faeae5391ae/contracts/examples/guards/DebugTransactionGuard.sol#L99-L109