Creating root safe for organization overrides `depthTreeLimit[org]`

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0xdd47bedcf75c314a5c3d27cbaa96421abccc0c4eafb1cad981acf21c83da61ee Severity: medium

Description: Description\ An organization may have updated it's depthTreeLimit to a value of 10, because of business requirements. Then if the same org wants to create new root safe and call createRootSafe, depthTreeLimit for it would be reset back to 8:

    function createRootSafe(address newRootSafe, string calldata name)
        external
        IsSafe(newRootSafe)
        IsRootSafe(_msgSender())
        requiresAuth
        returns (uint256 safeId)
    {
        address caller = _msgSender();
        bytes32 org = getOrgHashBySafe(caller);
        uint256 newIndex = indexId;
        safeId = _createOrgOrRoot(name, caller, newRootSafe);
        // Setting level by default
        depthTreeLimit[org] = 8;

        emit Events.RootSafeCreated(org, newIndex, caller, newRootSafe, name);
    }

If the original root already has created a tree with 9 children, this would mean that right now it is in an invalid state. Another problem is that organization waste gas to call once again updateDepthTreeLimit to make it again 10.

Attack Scenario\ In the Description section I have explained a scenario on how an organization may "suffer" the consequences.

Attachments

1. Proof of Concept (PoC) File Will provide if needed

2. Revised Code File (Optional) Add additional argument (bool resetDepthTreeLimit) to createRootSafe, so caller safe can specify it. Also check whether depthTreeLimit[org] <= 8

[0xmahdirostami]

Thanks, duplicate of issue #4