hats-finance / Palmera-0x5fee7541ddcd51ba9f4af606f87b2c42eea655be

Palmera hierarchical module

Missing Guard functions will block the execTransactionFromModule #32

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

GitHub username: --
Twitter username: SBSecurity_
Submission hash (on-chain): 0xca5ddd79ffe75ab6a127621d03a5c25a9a51828c81fec240bbf0f2308ba75283
Severity: high

Description:
In Safe 1.5, execTransactionFromModule() first calls the pre checks, then the execute, and then the post checks.

```solidity
function execTransactionFromModule(
    address to,
    uint256 value,
    bytes memory data,
    Enum.Operation operation
) public virtual override returns (bool success) {
    (address guard, bytes32 guardHash) = preModuleExecution(to, value, data, operation);

    success = execute(to, value, data, operation, type(uint256).max);
    postModuleExecution(guard, guardHash, success);
}
```

PalmeraGuard has checkAfterExecution, but does not have checkModuleTransaction, which is called here.

```solidity
function preModuleExecution(
    address to,
    uint256 value,
    bytes memory data,
    Enum.Operation operation
) internal returns (address guard, bytes32 guardHash) {
    guard = getModuleGuard();

    // Only whitelisted modules are allowed.
    require(msg.sender != SENTINEL_MODULES && modules[msg.sender] != address(0), "GS104");

    if (guard != address(0)) {
        guardHash = IModuleGuard(guard).checkModuleTransaction(to, value, data, operation, msg.sender);
    }
}
```

Attack Scenario:
Describe how the vulnerability can be exploited.

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional): Add checkModuleTransaction(), like in the example guards from Safe

https://github.com/safe-global/safe-smart-account/blob/499b17ad0191b575fcadc5cb5b8e3faeae5391ae/contracts/examples/guards/DebugTransactionGuard.sol#L99-L109
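A sketch of the kind of revision suggested above, added here as an illustration and not taken from Palmera or Safe: a guard exposing the module hook that `preModuleExecution()` calls. The contract name, events and delegatecall policy are hypothetical; `checkAfterModuleExecution` and the ERC-165 support are assumptions based on Safe 1.5's `IModuleGuard`, which the issue does not show.

```solidity
// SPDX-License-Identifier: LGPL-3.0-only
pragma solidity ^0.8.20;

// Added illustration. Declarations are trimmed local copies so the file
// compiles on its own; they are not the project's source.
library Enum {
    enum Operation { Call, DelegateCall }
}

interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// Pre hook as called in preModuleExecution() above. The post hook's name is an
// assumption taken from Safe 1.5's IModuleGuard; it does not appear in the issue.
interface IModuleGuard is IERC165 {
    function checkModuleTransaction(
        address to, uint256 value, bytes memory data,
        Enum.Operation operation, address module
    ) external returns (bytes32 moduleTxHash);

    function checkAfterModuleExecution(bytes32 txHash, bool success) external;
}

// Hypothetical guard: blocks delegatecalls issued by modules and logs the rest.
contract ExampleModuleGuard is IModuleGuard {
    event ModuleTransactionChecked(address indexed safe, address indexed module, bytes32 moduleTxHash);
    event ModuleTransactionExecuted(address indexed safe, bytes32 moduleTxHash, bool success);

    function checkModuleTransaction(
        address to, uint256 value, bytes memory data,
        Enum.Operation operation, address module
    ) external override returns (bytes32 moduleTxHash) {
        require(operation == Enum.Operation.Call, "module delegatecall blocked");
        // The returned hash is handed back to the post hook by the Safe.
        moduleTxHash = keccak256(abi.encodePacked(to, value, data, operation, module));
        emit ModuleTransactionChecked(msg.sender, module, moduleTxHash);
    }

    function checkAfterModuleExecution(bytes32 txHash, bool success) external override {
        emit ModuleTransactionExecuted(msg.sender, txHash, success);
    }

    // Lets a caller verify via ERC-165 that both module hooks are present.
    function supportsInterface(bytes4 interfaceId) external pure override returns (bool) {
        return interfaceId == type(IModuleGuard).interfaceId
            || interfaceId == type(IERC165).interfaceId;
    }
}
```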

alfredolopez80 commented 1 week ago

Non-issue: as mentioned, this problem is with version 1.5, and our module is compatible only with versions 1.3.0 and 1.4.1.

Additionally, version 1.5.0 is not released yet!!!! (the audit is not ready and the front/back end is not adapted for this new version). safe-global even indicates that this version will have several breaking changes!! in the protocol.